OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2021-4160 | BN_mod_exp may produce incorrect results on MIPS | Moderate | Not affected, impacted code was removed from BoringSSL in the initial fork |
This is the MIPS carry overflow bug previously described in our writeup for December 14th, 2021. BoringSSL does not include OpenSSL’s MIPS assembly and is not affected by this bug.