Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.