SILC Toolkit 1.1.8 fixed following issue:
ASN1: Fix stack variable overwrite when encoding OID.
The call to sscanf specifies a format string of "%lu", a long unsigned
int. The pointer argument was cast to unsigned long *, but this is
wrong for 64 bit systems. On 64 bit systems, unsigned long is 64 bits,
but the oid value is a SilcUInt32 on all systems. As a result, sscanf
will overwrite a neighboring variable on the stack. Fix this by
changing the format string to "%u" and removing the cast.
This problem is already fixed in Fedora libsilc packages, which are based on fixed 1.1.8 version.
Version of libsilc shipped in Red Hat Enterprise Linux 4 and 5 do not contain affected code and hence are not affected by this problem.