...
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the vsnprintf() function for writing various log file strings; vsnprintf() is defined in the Standard for Information Technology—Portable the Portable Operating System Interface (POSIX®POSIX®), Base Specifications, Issue 7 [IEEE Std 1003.1:2013] as well as in the C Standard. For systems that do not support vsnprintf(), a C include file was created that defines the vsnprintf() function to vsprintf(), as shown in this noncompliant code example:
...
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, vsnprintf, vsprintf — Format Output of a stdarg Argument List |
| [Seacord 2013] | Chapter 6, "Formatted Output" |
| [VU#654390] |
...