Quoting form the OpenSSL upstream advisory:
ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS
attack by corrupting larger payloads. This can result in an OpenSSL crash. This
issue is not considered to be exploitable beyond a DoS.
OpenSSL 1.1.0 users should upgrade to 1.1.0c
This issue does not affect OpenSSL versions prior to 1.1.0
This issue was reported to OpenSSL on 25th September 2016 by Robert
Święcki (Google Security Team), and was found using honggfuzz. The fix
was developed by Richard Levitte of the OpenSSL development team.
Name: the OpenSSL project
Upstream: Robert Święcki (Google Security Team)