The function ASN1_STRING_print_ex does not properly validate the lengths of BMPString or UniversalString objects before attempting to print them. Remotely exploitable bug in openssl
trunk/crypto/openssl/crypto/asn1/asn1.h