diff --git a/src/common/inc/string_utilities.h b/src/common/inc/string_utilities.h
index 3e55f92..9126701 100644
--- a/src/common/inc/string_utilities.h
+++ b/src/common/inc/string_utilities.h
@@ -47,11 +47,14 @@ createString(int count, ...);
  * to concatenate.
  */
 char*
-createStringInBuffer(char* buffer, int count, ...);
+StringUtils_createStringInBuffer(char* buffer, int count, ...);
 
 char*
 createStringFromBuffer(const uint8_t* buf, int size);
 
+char*
+StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, int size);
+
 void
 StringUtils_replace(char* string, char oldChar, char newChar);
 
diff --git a/src/common/string_utilities.c b/src/common/string_utilities.c
index 82ea08e..a7dead6 100644
--- a/src/common/string_utilities.c
+++ b/src/common/string_utilities.c
@@ -71,9 +71,18 @@ createStringFromBuffer(const uint8_t* buf, int size)
 	return newStr;
 }
 
+char*
+StringUtils_createStringFromBufferInBuffer(char* newString, const uint8_t* buf, int size)
+{
+    memcpy(newString, buf, size);
+    newString[size] = 0;
+
+    return newString;
+}
+
 
 char*
-createStringInBuffer(char* newStr, int count, ...)
+StringUtils_createStringInBuffer(char* newStr, int count, ...)
 {
     va_list ap;
     char* currentPos = newStr;
diff --git a/src/iec61850/server/mms_mapping/control.c b/src/iec61850/server/mms_mapping/control.c
index 3b6e663..da5d67e 100644
--- a/src/iec61850/server/mms_mapping/control.c
+++ b/src/iec61850/server/mms_mapping/control.c
@@ -207,7 +207,7 @@ initialize(ControlObject* self)
 
         self->ctlObjectName = (char*) GLOBAL_MALLOC(130);
 
-        createStringInBuffer(self->ctlObjectName, 5, MmsDomain_getName(self->mmsDomain), "/",
+        StringUtils_createStringInBuffer(self->ctlObjectName, 5, MmsDomain_getName(self->mmsDomain), "/",
                 self->lnName, "$CO$", self->name);
 
         self->error = MmsValue_newIntegerFromInt32(0);
@@ -845,7 +845,7 @@ ControlObject_sendCommandTerminationPositive(ControlObject* self)
 {
     char itemId[68]; /* 64 characters + space for FC + separator + string terminator */
 
-    createStringInBuffer(itemId, 4, self->lnName, "$CO$", self->name, "$Oper");
+    StringUtils_createStringInBuffer(itemId, 4, self->lnName, "$CO$", self->name, "$Oper");
 
     if (DEBUG_IED_SERVER)
         printf("IED_SERVER: send CommandTermination+: %s\n", itemId);
@@ -889,7 +889,7 @@ ControlObject_sendCommandTerminationNegative(ControlObject* self)
 
     char ctlObj[130];
 
-    createStringInBuffer(ctlObj, 2, self->ctlObjectName, "$Oper");
+    StringUtils_createStringInBuffer(ctlObj, 2, self->ctlObjectName, "$Oper");
 
     MmsValue ctlObjValueMemory;
 
@@ -917,7 +917,7 @@ ControlObject_sendCommandTerminationNegative(ControlObject* self)
 
     char itemId[130];
 
-    createStringInBuffer(itemId, 4, self->lnName, "$CO$", self->name, "$Oper");
+    StringUtils_createStringInBuffer(itemId, 4, self->lnName, "$CO$", self->name, "$Oper");
 
     char* domainId = MmsDomain_getName(self->mmsDomain);
 
@@ -964,7 +964,7 @@ ControlObject_sendLastApplError(ControlObject* self, MmsServerConnection* connec
 
     char ctlObj[130];
 
-    createStringInBuffer(ctlObj, 3, self->ctlObjectName, "$", ctlVariable);
+    StringUtils_createStringInBuffer(ctlObj, 3, self->ctlObjectName, "$", ctlVariable);
 
     if (DEBUG_IED_SERVER) {
         printf("IED_SERVER: sendLastApplError:\n");
diff --git a/src/mms/iso_mms/server/mms_named_variable_list_service.c b/src/mms/iso_mms/server/mms_named_variable_list_service.c
index e12a3c0..c0325cc 100644
--- a/src/mms/iso_mms/server/mms_named_variable_list_service.c
+++ b/src/mms/iso_mms/server/mms_named_variable_list_service.c
@@ -418,7 +418,7 @@ mmsServer_handleDefineNamedVariableListRequest(
 
 static void
 createGetNamedVariableListAttributesResponse(int invokeId, ByteBuffer* response,
-		MmsNamedVariableList variableList, char* domainName)
+		MmsNamedVariableList variableList)
 {
 	MmsPdu_t* mmsPdu = mmsServer_createConfirmedResponse(invokeId);
 
@@ -497,13 +497,20 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 
 	if (request->present == ObjectName_PR_domainspecific) {
 
-		char* domainName = createStringFromBuffer(
-				request->choice.domainspecific.domainId.buf,
-				request->choice.domainspecific.domainId.size);
+	    char domainName[65];
+	    char itemName[65];
 
-		char* itemName = createStringFromBuffer(
-				request->choice.domainspecific.itemId.buf,
-				request->choice.domainspecific.itemId.size);
+	    if ((request->choice.domainspecific.domainId.size > 64) ||
+	        (request->choice.domainspecific.itemId.size > 64)) {
+	        mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OTHER);
+	        goto exit_function;
+	    }
+
+	    StringUtils_createStringFromBufferInBuffer(domainName, request->choice.domainspecific.domainId.buf,
+	            request->choice.domainspecific.domainId.size);
+
+	    StringUtils_createStringFromBufferInBuffer(itemName, request->choice.domainspecific.itemId.buf,
+                request->choice.domainspecific.itemId.size);
 
 		MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
 
@@ -514,21 +521,41 @@ mmsServer_handleGetNamedVariableListAttributesRequest(
 					MmsDomain_getNamedVariableList(domain, itemName);
 
 			if (variableList != NULL)
-				createGetNamedVariableListAttributesResponse(invokeId, response, variableList, domainName);
+				createGetNamedVariableListAttributesResponse(invokeId, response, variableList);
 			else
 				mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
 		}
 		else
 			mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
 
+	}
+	else if (request->present == ObjectName_PR_aaspecific) {
 
-		GLOBAL_FREEMEM(domainName);
-		GLOBAL_FREEMEM(itemName);
+	    char listName[65];
+
+        if (request->choice.aaspecific.size > 64) {
+            mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OTHER);
+            goto exit_function;
+        }
+
+	    StringUtils_createStringFromBufferInBuffer(listName, request->choice.aaspecific.buf,
+	            request->choice.aaspecific.size);
+
+	    MmsDevice* mmsDevice = MmsServer_getDevice(connection->server);
+
+	    MmsNamedVariableList varList = MmsServerConnection_getNamedVariableList(connection, listName);
+
+	    if (varList != NULL)
+	        createGetNamedVariableListAttributesResponse(invokeId, response, varList);
+	    else
+	        mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_NON_EXISTENT);
 	}
 	else {
 		mmsServer_createConfirmedErrorPdu(invokeId, response, MMS_ERROR_ACCESS_OBJECT_ACCESS_UNSUPPORTED);
 	}
 
+exit_function:
+
 	asn_DEF_GetVariableAccessAttributesRequest.free_struct(&asn_DEF_GetNamedVariableListAttributesRequest,
 			request, 0);
 }
diff --git a/src/mms/iso_mms/server/mms_read_service.c b/src/mms/iso_mms/server/mms_read_service.c
index 56c50b2..a9a98a6 100644
--- a/src/mms/iso_mms/server/mms_read_service.c
+++ b/src/mms/iso_mms/server/mms_read_service.c
@@ -71,7 +71,7 @@ addNamedVariableValue(MmsVariableSpecification* namedVariable, MmsServerConnecti
             for (i = 0; i < componentCount; i++) {
                 char newNameIdStr[65];
 
-                createStringInBuffer(newNameIdStr, 3, itemId, "$",
+                StringUtils_createStringInBuffer(newNameIdStr, 3, itemId, "$",
                         namedVariable->typeSpec.structure.elements[i]->name);
 
                 MmsValue* element =