docs/advisories/2016-09-22.md - boringssl.git - Git at Google

 # OpenSSL Advisory: September 22nd 2016

 OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20160922.txt). Here's how it affects BoringSSL:

 CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
 ----|---------|-----------------------|---------------------
 CVE-2016-6304 | OCSP Status Request extension unbounded memory growth | High | Not affected; buggy code was removed.
 CVE-2016-6305 | SSL_peek() hang on empty record | Moderate | Not affected; regression introduced after fork. (Added [test](https://boringssl-review.googlesource.com/c/11090/) anyway.)
 CVE-2016-2183 | SWEET32 Mitigation | Low | Not practical to do anything right now or of much interest (bulk ciphers do not affect downgrade and HIGH/MEDIUM aren't useful APIs for server operators).
 CVE-2016-6303 | OOB write in MDC2_Update | Low | Not affected; buggy code was removed.
 CVE-2016-6302 | Malformed SHA512 ticket DoS | Low | Not affected; independently fixed in [April 2015](https://boringssl.googlesource.com/boringssl/+/adcc39560e638d0e9866dac698d64370d1c0abef).
 CVE-2016-2182 | OOB write in BN_bn2dec | Low | Fix imported [August 2016](https://boringssl.googlesource.com/boringssl/+/958aaf1ea1b481e8ef32970d5b0add80504be4b2) (and then [rewritten](https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4)).
 CVE-2016-2180 | OOB read in TS_OBJ_print_bio | Low | Not affected; buggy code was removed.
 CVE-2016-2177 | Pointer arithmetic undefined behavior | Low | Not affected; buggy code was rewritten.
 CVE-2016-2178 | Constant time flag not preserved in DSA signing | Low | Fix imported [June 2016](https://boringssl.googlesource.com/boringssl/+/26b7c35d8c78065a57c93a01d95b31eb85de51b9).
 CVE-2016-2179 | DTLS buffered message DoS | Low | Not affected; buggy code was removed.
 CVE-2016-2181 | DTLS replay protection DoS | Low | Not affected; buggy code was removed.
 CVE-2016-6306 | Certificate message OOB reads | Low | Not affected; buggy code was rewritten.
 CVE-2016-6307 | Excessive allocation of memory on TLS messages | Low | Not affected; regression introduced after fork.
 CVE-2016-6308 | Excessive allocation of memory on DTLS messages | Low | Not affected; regression introduced after fork.

 [Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity
	# OpenSSL Advisory: September 22nd 2016

	OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20160922.txt). Here's how it affects BoringSSL:

	CVE \| Summary \| [Severity] in OpenSSL \| Impact to BoringSSL
	----\|---------\|-----------------------\|---------------------
	CVE-2016-6304 \| OCSP Status Request extension unbounded memory growth \| High \| Not affected; buggy code was removed.
	CVE-2016-6305 \| SSL_peek() hang on empty record \| Moderate \| Not affected; regression introduced after fork. (Added [test](https://boringssl-review.googlesource.com/c/11090/) anyway.)
	CVE-2016-2183 \| SWEET32 Mitigation \| Low \| Not practical to do anything right now or of much interest (bulk ciphers do not affect downgrade and HIGH/MEDIUM aren't useful APIs for server operators).
	CVE-2016-6303 \| OOB write in MDC2_Update \| Low \| Not affected; buggy code was removed.
	CVE-2016-6302 \| Malformed SHA512 ticket DoS \| Low \| Not affected; independently fixed in [April 2015](https://boringssl.googlesource.com/boringssl/+/adcc39560e638d0e9866dac698d64370d1c0abef).
	CVE-2016-2182 \| OOB write in BN_bn2dec \| Low \| Fix imported [August 2016](https://boringssl.googlesource.com/boringssl/+/958aaf1ea1b481e8ef32970d5b0add80504be4b2) (and then [rewritten](https://boringssl.googlesource.com/boringssl/+/7c040756178e14a4d181b6d93abb3827c93189c4)).
	CVE-2016-2180 \| OOB read in TS_OBJ_print_bio \| Low \| Not affected; buggy code was removed.
	CVE-2016-2177 \| Pointer arithmetic undefined behavior \| Low \| Not affected; buggy code was rewritten.
	CVE-2016-2178 \| Constant time flag not preserved in DSA signing \| Low \| Fix imported [June 2016](https://boringssl.googlesource.com/boringssl/+/26b7c35d8c78065a57c93a01d95b31eb85de51b9).
	CVE-2016-2179 \| DTLS buffered message DoS \| Low \| Not affected; buggy code was removed.
	CVE-2016-2181 \| DTLS replay protection DoS \| Low \| Not affected; buggy code was removed.
	CVE-2016-6306 \| Certificate message OOB reads \| Low \| Not affected; buggy code was rewritten.
	CVE-2016-6307 \| Excessive allocation of memory on TLS messages \| Low \| Not affected; regression introduced after fork.
	CVE-2016-6308 \| Excessive allocation of memory on DTLS messages \| Low \| Not affected; regression introduced after fork.

	[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity