The OpenSSL project has released OpenSSL version 1.1.0c that addresses three security vulnerabilities in its software. The most serious of all is a heap-based buffer overflow bug related to Transport Layer Security (TLS) connections using *-CHACHA20-POLY1305 cipher suites. The vulnerability, reported by Robert ..wi..cki of the Google Security Team, can lead to DoS attack by corrupting larger payloads, resulting in a crash of OpenSSL.
Source: https://thehackernews.com/2016/11/openssl-patch-update.html