Importing a key that carries a specially crafted, oversized list of AEAD algorithms can overflow an array and lead to a crash or undefined behavior. Creating an exploit that achieves more than a crash is noted to be difficult, but the possibility is not excluded. The main difficulty in developing an exploit is that the attacker controls only every second byte of the sequence, while the first byte always takes the value 0x04. Software distribution systems that rely on digital key verification are safe because they use a predefined list of keys.
Source: opennet.ru
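
An added example, not code from the affected software or from the original report: a bounds-checked import of an algorithm preference list in C. The (type, value) pair layout, the capacity, and the names `pref_item`, `key_prefs`, `store_aead_prefs` and `MAX_PREFS` are assumptions, chosen so that a fixed 0x04 tag alternates with a byte taken from the key, as described above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREF_TYPE_AEAD 0x04  /* assumed tag value, matching the 0x04 byte in the report */
#define MAX_PREFS 8          /* hypothetical capacity of the fixed-size array */

typedef struct { uint8_t type; uint8_t value; } pref_item;  /* hypothetical layout */

typedef struct {
    pref_item prefs[MAX_PREFS];
    uint8_t   guard[16];     /* stands in for whatever memory follows the array */
} key_prefs;

/* Store n algorithm IDs from an imported key. Returns the count stored, or -1
 * if the list does not fit. Without the length check the loop would write
 * 0x04,id pairs past prefs[] into the adjacent memory. */
int store_aead_prefs(key_prefs *kp, const uint8_t *ids, size_t n)
{
    if (kp == NULL || (ids == NULL && n != 0))
        return -1;
    if (n > MAX_PREFS)       /* reject oversized lists before any write happens */
        return -1;
    for (size_t i = 0; i < n; i++) {
        kp->prefs[i].type  = PREF_TYPE_AEAD;  /* fixed by the parser */
        kp->prefs[i].value = ids[i];          /* the only key-controlled byte */
    }
    return (int)n;
}

/* Imports a constructed list of n IDs; returns 1 if guard[] is untouched. */
int guard_intact_after_import(size_t n)
{
    uint8_t ids[256];
    key_prefs kp;
    memset(ids, 0x41, sizeof ids);            /* constructed sample IDs */
    memset(kp.guard, 0xAA, sizeof kp.guard);
    if (n > sizeof ids) n = sizeof ids;
    (void)store_aead_prefs(&kp, ids, n);
    for (size_t i = 0; i < sizeof kp.guard; i++)
        if (kp.guard[i] != 0xAA) return 0;
    return 1;
}

int main(void)
{
    printf("guard intact: 3 ids=%d, 200 ids=%d\n",
           guard_intact_after_import(3), guard_intact_after_import(200));
    return 0;
}
```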