Simon Josefsson discovered an out-of-bounds memory read in GNU SASL, an implementation of the Simple Authentication and Security Layer framework, which could result in denial of service.