blob: 3c21b85966b95d65f9c228f9b103598d05f337a7 [file] [view]
# OpenSSL Advisory: May 3rd, 2022 (BoringSSL Not Affected)
OpenSSL have published a [security advisory](https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html). Here's how it affects BoringSSL:
CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL
----|---------|-----------------------|---------------------
CVE-2022-1292 | Failure to escape shell metacharacters. | Moderate | Not affected. BoringSSL does not contain this script.
CVE-2022-1343 | False-positive OCSP validation if OCSP_NOCHECKS set. | Moderate | Not affected. BoringSSL does not contain this code.
CVE-2022-1434 | RC4-MD5 ciphersuite used AAD as MAC key. | Low | Not affected. BoringSSL does not contain the affected code.
CVE-2022-1473 | Memory leak in OPENSSL_LH_flush | Low | Not affected. BoringSSL does not contain the affected code.
[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity