diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index d56616837f6..41e90e3e924 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -641,7 +641,7 @@ static uint8_t *php_parserr(uint8_t *cp, uint8_t *end, querybuf *answer, int typ
 tp[0] = ':';
 tp++;
 }
- tp += sprintf((char*)tp,"%x",s);
+ tp += snprintf((char*)tp, sizeof(name) - (tp - (uint8_t *) name), "%x", s);
 } else {
 if (!have_v6_break) {
 have_v6_break = 1;
@@ -686,7 +686,7 @@ static uint8_t *php_parserr(uint8_t *cp, uint8_t *end, querybuf *answer, int typ
 tp[0] = ':';
 tp++;
 }
- sprintf((char*)tp, "%x", cp[0] & 0xFF);
+ snprintf((char*)tp, sizeof(name) - (tp - (uint8_t *) name), "%x", cp[0] & 0xFF);
 } else {
 if (!have_v6_break) {
 have_v6_break = 1;
@@ -711,7 +711,7 @@ static uint8_t *php_parserr(uint8_t *cp, uint8_t *end, querybuf *answer, int typ
 tp[0] = ':';
 tp++;
 }
- tp += sprintf((char*)tp,"%x",s);
+ tp += snprintf((char*)tp, sizeof(name) - (tp - (uint8_t *) name),"%x",s);
 } else {
 if (!have_v6_break) {
 have_v6_break = 1;
diff --git a/ext/standard/dns_win32.c b/ext/standard/dns_win32.c
index 55c6381782b..2aeedb133e0 100644
--- a/ext/standard/dns_win32.c
+++ b/ext/standard/dns_win32.c
@@ -282,7 +282,7 @@ static void php_parserr(PDNS_RECORD pRec, int type_to_fetch, int store, bool raw
 tp[0] = ':';
 tp++;
 }
- tp += sprintf((char*)tp,"%x", out[i]);
+ tp += snprintf((char*)tp, sizeof(buf) - (tp - (char *) buf), "%x", out[i]);
 } else {
 if (!have_v6_break) {
 have_v6_break = 1;
diff --git a/ext/standard/password.c b/ext/standard/password.c
index 4bfc6d028ca..1e647bb301c 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
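Review bot: In ext/standard/dns.c the new `tp += snprintf((char*)tp, sizeof(name) - (tp - (uint8_t *) name), "%x", s);` (hunks at 641 and 711, and the `buf` variant in dns_win32.c at 282) still adds an unchecked return value to `tp`. If this snprintf follows C99 semantics it returns the length that would have been written, so a truncated write leaves `tp` past the end of the buffer and the next `sizeof(name) - (tp - ...)` wraps to a huge size, which removes the bound for every later write; the `tp[0] = ':'; tp++;` lines just above are not bounded at all. Because these bytes are formatted from a DNS answer, I would compute the remaining space once and test the result before advancing: `int n = snprintf((char*)tp, avail, "%x", s);` then `if (n < 0 || (size_t)n >= avail) { /* stop formatting */ }` then `tp += n;`. The declarations of `name` and `buf` are outside the hunks, so please confirm they are arrays (so that `sizeof` yields the capacity, not a pointer size) and that they hold the longest IPv6 text form plus the terminator. Both php_parserr bodies start and end outside these hunks.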
@@ -201,9 +201,7 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
 }
 ZSTR_VAL(salt)[ZSTR_LEN(salt)] = 0;
- hash = zend_string_alloc(ZSTR_LEN(salt) + hash_format_len, 0);
- sprintf(ZSTR_VAL(hash), "%s%s", hash_format, ZSTR_VAL(salt));
- ZSTR_VAL(hash)[hash_format_len + ZSTR_LEN(salt)] = 0;
+ hash = zend_string_concat2(hash_format, hash_format_len, ZSTR_VAL(salt), ZSTR_LEN(salt));
 zend_string_release_ex(salt, 0);
diff --git a/ext/standard/string.c b/ext/standard/string.c
index f71c2db5972..9e9fdffd53b 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3846,7 +3846,7 @@ PHPAPI zend_string *php_addcslashes_str(const char *str, size_t len, const char
 case '\v': *target++ = 'v'; break;
 case '\b': *target++ = 'b'; break;
 case '\f': *target++ = 'f'; break;
- default: target += sprintf(target, "%03o", (unsigned char) c);
+ default: target += snprintf(target, 4, "%03o", (unsigned char) c);
 }
 continue;
 }
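Review bot: In the ext/standard/string.c hunk, the literal `4` in `snprintf(target, 4, "%03o", (unsigned char) c)` is a magic number that reflects the width of the output, not the space left in the destination. It is correct only because an `unsigned char` formats as at most three octal digits (0377) plus the terminator, so the call never truncates and always returns 3. A comment such as `/* 3 octal digits + NUL; cannot truncate for an unsigned char */` on that line would make the reasoning visible to the next reader. The capacity behind `target` is set outside this hunk, so the real bound still rests on that allocation, presumably four output bytes per input byte plus a terminator; that is worth confirming where the buffer is allocated.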