In file crypto/ec/eck_prn.c, if the function print_bin is called with len >= 15 and off >= 124, we would eventually hit line 261:
memset( &(str[1]), ' ', off + 4 ); which would write >= 128 bytes into a 127-byte buffer. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4656 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev