This is a vulnerability in the specific implementation from eXtended Keccak Code Package (XKCP). It’s a buffer-overflow that allows attackers to control memory. OpenSSL isn’t vulnerable. Other implementations may be vulnerable, but it seems pretty specific to XKCP.