OpenSSL have published a security advisory. Here's how it affects BoringSSL:
| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2022-1292 | Failure to escape shell metacharacters. | Moderate | Not affected. BoringSSL does not contain this script. |
| CVE-2022-1343 | False-positive OCSP validation if OCSP_NOCHECKS set. | Moderate | Not affected. BoringSSL does not contain this code. |
| CVE-2022-1434 | RC4-MD5 ciphersuite used AAD as MAC key. | Low | Not affected. BoringSSL does not contain the affected code. |
| CVE-2022-1473 | Memory leak in OPENSSL_LH_flush | Low | Not affected. BoringSSL does not contain the affected code. |