There is an interesting bug within wpa_supplicant's ASN.1 parsing. Usually, it uses the OpenSSL
libraray to obtain and parse the X509 certificates. However, it can be compiled to use built-in
X509 e.g. ASN.1 parsing routines to do so. Nearly all X509 functions use
asn1_get_next(). There is a buffer overflow condition within this function. Found it?
Make a comment!
P.S. Our packages do not use the vulnerable parsing code.
P.P.S. Puzzle-solving coming soon :-)