OpenSSL have published a pair of security advisories (1, 2). Here's how they affect BoringSSL:

| CVE | Summary | Severity in OpenSSL | Impact to BoringSSL |
|---|---|---|---|
| CVE-2023-6129 | POLY1305 MAC implementation corrupts vector registers on PowerPC | Low | Not affected; issue was introduced after fork. BoringSSL also does not support PowerPC. |
| CVE-2023-6237 | Excessive time spent checking invalid RSA public keys | Low | Not affected; issue was introduced after fork. BoringSSL also applies RSA size limits at an earlier point to reduce DoS risks. |