...
The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the `vsnprintf()` function for writing various log file strings, which is defined in the Open Group Base Specifications Issue 6 [Open Group 2004] as well as in the C Standard [ISO/IEC 9899:2011]. For systems that do not support `vsnprintf()`, a C include file was created that defines the `vsnprintf()` function to `vsprintf()`, as shown in this noncompliant code example:
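The following is an added example, not code from the ISC DHCP source or from this standard's own compliant solution. It shows the bounded logging pattern that the `vsnprintf()`-to-`vsprintf()` substitution throws away: a wrapper that formats a log line into a fixed-size buffer, honours the size argument, and reports truncation to the caller instead of silently overrunning the buffer. The function names (`format_log_line`, `log_fits`, `log_stored_len`), the `LOG_LINE_MAX` size and the sample `DHCPREQUEST` message are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Fixed log line buffer size chosen for the example (assumption, not ISC's). */
#define LOG_LINE_MAX 64

/* Constructed oversized input: 80 'A's, longer than any log line buffer here. */
#define A10 "AAAAAAAAAA"
static const char OVERSIZED_NAME[] = A10 A10 A10 A10 A10 A10 A10 A10;

/*
 * Format a log line into a caller-supplied, fixed-size buffer.
 * Returns the number of characters written (excluding the NUL) on success,
 * or -1 if the text did not fit or an encoding error occurred. In every
 * case buf is left NUL-terminated. Because vsnprintf() honours the size
 * argument, an oversized argument is truncated rather than written past
 * the end of buf; a #define of vsnprintf() to vsprintf() would drop that
 * bound and turn the same call into a buffer overflow.
 */
static int format_log_line(char *buf, size_t size, const char *fmt, ...) {
    va_list ap;
    int n;

    if (buf == NULL || size == 0 || fmt == NULL) {
        return -1;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    if (n < 0) {
        buf[0] = '\0';          /* encoding error: leave an empty string */
        return -1;
    }
    if ((size_t)n >= size) {
        return -1;              /* truncated: buf holds the first size-1 chars */
    }
    return n;
}

/* Returns 1 if the log line for client_name fits in LOG_LINE_MAX, else 0. */
int log_fits(const char *client_name) {
    char line[LOG_LINE_MAX];
    return format_log_line(line, sizeof line,
                           "DHCPREQUEST from %s", client_name) >= 0;
}

/* Returns the length actually stored, to show the bound holds after truncation. */
size_t log_stored_len(const char *client_name) {
    char line[LOG_LINE_MAX];
    (void)format_log_line(line, sizeof line, "DHCPREQUEST from %s", client_name);
    return strlen(line);
}

int main(void) {
    char line[LOG_LINE_MAX];

    if (format_log_line(line, sizeof line, "DHCPREQUEST from %s", "host1") >= 0) {
        printf("ok: %s\n", line);
    }
    if (format_log_line(line, sizeof line, "DHCPREQUEST from %s", OVERSIZED_NAME) < 0) {
        printf("truncated, %zu chars kept\n", strlen(line));
    }
    return 0;
}
```

The caller decides what to do with a `-1` (drop the entry, log a truncation marker, or allocate a larger buffer); what matters for this rule is that the size argument is never discarded by a compatibility shim.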
...
| CERT C++ Secure Coding Standard | PRE09-CPP. Do not replace secure functions with less secure functions |
|---|---|
| ISO/IEC TR 24772 | Executing or loading untrusted code [XYS] |
| MITRE CWE | CWE-684, Failure to provide specified functionality |
Bibliography
...
| [Open Group 2004] | vsnprintf() |
|---|---|
| [Seacord 2005a] | Chapter 6, "Formatted Output" |
| [VU#654390] | |
...