Signed/unsigned conversion bug during processing of NFSv3 XDR data leads to buffer overflow.
vulners.com/securityvulns/securityvulns:doc:4911