FreeBSD Security Advisory – The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. An application which attempts to print a BMPString or UniversalString which has an invalid length will crash as a result of OpenSSL accessing invalid memory locations. This could be used by an attacker to crash a remote application.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76916/FreeBSD-SA-09-08.openssl.txt
Source: https://packetstormsecurity.com/files/76916/FreeBSD-Security-Advisory-OpenSSL.html