OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2022-2274 | Heap memory corruption with RSA private key operation | High | Not affected. Bug was introduced after fork. |
| CVE-2022-2097 | AES OCB fails to encrypt some bytes | Moderate | Not affected. BoringSSL does not support OCB. |