...
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the vsnprintf() function for writing various log file strings, which is defined in the Open Group Base Specifications Issue 6 [Open Group 2004] as well as C11 in the C Standard [ISO/IEC 9899:2011]. For systems that do not support vsnprintf(), a C include file was created that defines the vsnprintf() function to vsprintf(), as shown in this noncompliant code example:
...
The vsprintf() function does not check bounds. Consequently, size is discarded, creating the potential for a buffer overflow when untrusted data is used.
...