SILC Toolkit 1.1.8 fixed following issue: http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.8 ASN1: Fix stack variable overwrite when encoding OID. The call to sscanf specifies a format string of "%lu", a long unsigned int. The pointer argument was cast to unsigned long *, but this is wrong for 64 bit systems. On 64 bit systems, unsigned long is 64 bits, but the oid value is a SilcUInt32 on all systems. As a result, sscanf will overwrite a neighboring variable on the stack. Fix this by changing the format string to "%u" and removing the cast. Upstream fix: http://git.silcnet.org/gitweb/?p=silc.git;a=commitdiff;h=ebfe5dc8641467efea3506a4797a2b1260b2da55 This problem is already fixed in Fedora libsilc packages, which are based on fixed 1.1.8 version. Version of libsilc shipped in Red Hat Enterprise Linux 4 and 5 do not contain affected code and hence are not affected by this problem.