Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17642
http://www.securityfocus.com/bid/11347
http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:054