Debian Security Advisory 1807-1 – James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null-terminated, which can lead to denial of service or arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77977/dsa-1807-1.txt
Source: https://packetstormsecurity.com/files/77977/Debian-Linux-Security-Advisory-1807-1.html
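
The class of bug the advisory describes, as an added example that is not code from cyrus-sasl2 or from the advisory: a constructed base64 encoder whose lenient mode leaves the output unterminated when the buffer holds exactly the encoded characters, next to a strict mode that refuses any buffer without room for the terminator. The names `encode64`, `is_terminated` and the `strict` flag are hypothetical, and the exact-fit condition is an assumption chosen to illustrate one way a terminator goes missing.

```c
#include <stddef.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical encoder (not cyrus-sasl2 source). Writes the base64 form of
 * in[0..inlen) to out. strict == 0: only room for the encoded characters is
 * required, and the NUL is written only if a spare byte happens to exist
 * (the flawed contract). strict == 1: room for the NUL is required too.
 * Returns 0 on success, -1 if the buffer is too small. */
int encode64(const unsigned char *in, size_t inlen,
             char *out, size_t outmax, size_t *outlen, int strict)
{
    size_t need = ((inlen + 2) / 3) * 4;   /* encoded length, no NUL */
    size_t i, o = 0;

    if (outmax < need + (strict ? 1 : 0))
        return -1;
    for (i = 0; i < inlen; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < inlen) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < inlen) v |= in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < inlen) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < inlen) ? B64[v & 63] : '=';
    }
    if (o < outmax)            /* lenient mode: skipped on an exact fit */
        out[o] = '\0';
    if (outlen)
        *outlen = o;
    return 0;
}

/* Returns 1 if buf[0..max) contains a NUL, i.e. may be used as a C string. */
int is_terminated(const char *buf, size_t max)
{
    return memchr(buf, '\0', max) != NULL;
}
```

A caller that cannot rely on the encoder's contract can size the buffer as the encoded length plus one and check the result with a bounded search such as `is_terminated` before passing it to any string function.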

