The first round of security updates released in 2018 for OpenSSL patch a total of three vulnerabilities, but none of them appears to be serious.
OpenSSL versions 1.1.0h and 1.0.2o patch CVE-2018-0739, a denial-of-service (DoS) vulnerability discovered using Google’s OSS-Fuzz service, which has helped find several flaws in OpenSSL in the past period.
The security hole, rated “moderate,” is related to constructed ASN.1 types with a recursive definition.
“Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion,” …read more
Via:: Security Week