blob: 660f839c9f663519a1e45dfd4ff9fed7e304d21e [file] [view]
# OpenSSL Advisory: September 30th, 2025 (BoringSSL Not Affected)
OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20250930.txt). Here's how it affects BoringSSL:
CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | Moderate | Not affected, impacted code was removed from BoringSSL in the initial fork
CVE-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM | Moderate | Not affected, issue was introduced after fork
CVE-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling | Low | Not affected, issue was introduced after fork
[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity