...

The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP uses the vsnprintf() function to write various log file strings; vsnprintf() is defined in the Open Group Base Specifications Issue 6 [Open Group 2004] as well as C11 [ISO/IEC 9899:2011]. For systems that do not support vsnprintf(), a C include file was created that defines vsnprintf() as vsprintf(), discarding the buffer size argument, as shown in this noncompliant code example:

...
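The following is an added example, not code from the original page or from ISC DHCP. It shows a bounded log formatter that keeps the size argument, reports truncation, and refuses to build where no vsnprintf() exists instead of aliasing it to vsprintf(). The names `log_format`, `NO_VSNPRINTF` and `guard_intact_after_long_input` are hypothetical, and the input is constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* NO_VSNPRINTF is a hypothetical build flag: stop the build, never alias. */
#ifdef NO_VSNPRINTF
#error "no bounded formatter: supply a real vsnprintf(), do not map it to vsprintf()"
#endif

enum log_status { LOG_OK = 0, LOG_TRUNCATED = 1, LOG_ERROR = -1 };

/* Format into buf, writing at most size bytes including the terminating NUL. */
static enum log_status log_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0 || fmt == NULL)
        return LOG_ERROR;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);   /* size is honoured here */
    va_end(ap);
    if (n < 0) {                         /* encoding or output error */
        buf[0] = '\0';
        return LOG_ERROR;
    }
    return ((size_t)n >= size) ? LOG_TRUNCATED : LOG_OK;
}

/* Constructed check: an over-long value must be truncated and must leave
 * the guard bytes placed right after the 16-byte buffer untouched. */
static int guard_intact_after_long_input(void)
{
    struct { char line[16]; char guard[8]; } s;
    char host[64];

    memset(s.guard, 0x5A, sizeof s.guard);
    memset(host, 'A', sizeof host - 1);
    host[sizeof host - 1] = '\0';
    if (log_format(s.line, sizeof s.line, "lease for %s", host) != LOG_TRUNCATED)
        return 0;
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return strlen(s.line) == sizeof s.line - 1;
}

int main(void) { return guard_intact_after_long_input() ? 0 : 1; }
```
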

CERT C++ Secure Coding Standard: PRE09-CPP. Do not replace secure functions with less secure functions

ISO/IEC 9899:2011 Section 7.21.6.12, "The vsnprintf function"

...