It ultimately arrived as a "high" security fix for a buffer overflow, one that affects all OpenSSL 3.x installations, but is unlikely to lead to remote code execution.

This is an example of a buffer overflow, one of the most persistent types of security problems that appears endlessly in lists of security vulnerabilities.