The vulnerabilities were discovered by David Benjamin using the OSS-Fuzz fuzzing service. They were tracked as CVE-2017-3737 and CVE-2018-3738. They are the fourth OpenSSL security update in 2017, and it will likely be the last one. An overflow bug in AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli is very difficult to trigger in a real attack scenario. This is the fourth update to OpenSSL in 2017 and is likely the last.”]
Source: http://securityaffairs.co/wordpress/66469/hacking/openssl-flaw-2.html