OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2022-3602 | X.509 Email Address 4-byte Buffer Overflow | High (initially Critical) | Not affected. Bug was introduced after the fork. |
| CVE-2022-3786 | X.509 Email Address Variable Length Buffer Overflow | High | Not affected. Bug was introduced after the fork. |
Though not listed in the advisory, the 1.1.1s and 3.0.7 releases additionally fix an out-of-bounds read in TLS cipher string processing. BoringSSL fixed this issue in October 2016.