# OpenSSL Advisory: November 2nd, 2017 (BoringSSL Not Affected)

OpenSSL have published a [security advisory](https://www.openssl.org/news/secadv/20171102.txt). Here's how it affects BoringSSL:

| CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL |
| ----|---------|-----------------------|--------------------- |
| CVE-2017-3736 | bn_sqrx8x_internal carry bug on x86_64 | Moderate | Not affected, affected code is not enabled in BoringSSL. See discussion below. |
| CVE-2017-3735 | Malformed X.509 IPAddressFamily could cause OOB read | Low | Not affected, affected code was removed in fork |

[Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity

## CVE-2017-3736

The code was [enabled](https://boringssl.googlesource.com/boringssl/+/488ca0eacefd3bc8c7570e8ed5053f4a49451419) briefly at BoringSSL head on 2017-08-14, but it was [reverted](https://boringssl.googlesource.com/boringssl/+/874c73804a4bbcb169acb8971f111b449fa44eaf) 24 hours later when we learned of the bug.