| # OpenSSL Advisory: February 26th 2019 (BoringSSL Not Affected) |
| |
| OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20190226.txt). Here's how it affects BoringSSL: |
| |
| CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL |
| ----|---------|-----------------------|--------------------- |
| CVE-2019-1559 | 0-byte record padding oracle | Moderate | Not affected. CBC decoding is encapsulated in the AEAD interface and doesn’t interact with the TLS state machine. |
| |
| [Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity |
| |
| ## bn_cmp_words underrun |
| |
| Not mentioned in the security advisory, but [included](https://github.com/openssl/openssl/commit/b250f2a431ab0cc03a8a1cc4cdc1a7e9ecb052a6) in the source update, is a fix to `bn_cmp_words` found by ChromeOS fuzzing. The arithmetic issue appears to be harmless but, when triggered, this causes the bigint code to read one word before the start of a malloced buffer. With OpenSSL this may cause a crash if the malloced buffer starts at a page boundary and the previous page isn’t readable. |
| |
| In BoringSSL, this erroneous path was reachable for about a day on our main branch, in January 2018. However in BoringSSL the prior word will be the length of the buffer so this is harmless. The issue was independently fixed in BoringSSL, when other side channel work [removed `bn_cmp_words` altogether](https://boringssl-review.googlesource.com/25404). |
