Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.