Not sure why the compliance tool reports this as an OpenSSL certificate. The compliance tool was from https://www.pcirapidcomply.com/.
However, here are additional details about the potential vulnerability:
Description: OpenSSL - fmtstr function improperly calculates string lengths
The detected version of OpenSSL is known to have a vulnerability which allows attackers to obtain sensitive information or cause denial of service because the function |fmtstr| can do an out-of-bounds read and the function |doapr_outch| can do an out-of-bounds write when receiving large amounts of data.
Note: OpenSSL recognises this vulnerability as CVE-2016-0799, and this CVE is referenced in the Security Advisory from 01 March 2016. NVD, and some other sources, split this vulnerability into 2 CVEs: CVE-2016-0799 and CVE-2016-2842. Patch referenced in URLs section addresses both issues.
Remediation: OpenSSL has patched this vulnerability in versions 1.0.1s, and 1.0.2g. Update to one of the specified versions or the newest available version.
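
A way to check an `openssl version` banner against the two fixed releases named in the remediation text, added here as an example and not part of the original post or the scanner's output. The function names and sample banners are constructed for illustration. The check looks only at the upstream version string, so a distribution package that backports the fix without changing that string will still be reported as vulnerable by version.

```python
import re

# Fixed releases from the remediation text above, keyed by release branch.
FIXED = {(1, 0, 1): "s", (1, 0, 2): "g"}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(banner):
    """Return ((major, minor, fix), letter) from e.g. 'OpenSSL 1.0.1k 8 Jan 2015'."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no OpenSSL version found in: %r" % banner)
    branch = tuple(int(part) for part in m.group(1, 2, 3))
    return branch, m.group(4)


def _letter_key(letter):
    # OpenSSL patch letters run a..z and then za, zb, ...; ordering by
    # (length, text) keeps 'za' after 'z' and the bare release before 'a'.
    return (len(letter), letter)


def status(banner):
    """Classify a banner against CVE-2016-0799 / CVE-2016-2842 by version only."""
    branch, letter = parse_version(banner)
    fixed_letter = FIXED.get(branch)
    if fixed_letter is None:
        # The report names fixes for 1.0.1 and 1.0.2 only; say nothing about others.
        return "branch-not-listed"
    if _letter_key(letter) >= _letter_key(fixed_letter):
        return "patched"
    # Version string predates the fix; a backported vendor build can still be
    # patched, so confirm against the package changelog before acting on this.
    return "vulnerable-by-version"


if __name__ == "__main__":
    # Constructed sample banners, not taken from the original post.
    samples = [
        "OpenSSL 1.0.1k 8 Jan 2015",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.2g  1 Mar 2016",
    ]
    for banner in samples:
        print("%-36s %s" % (banner, status(banner)))
```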