sscanf() is used for data wich is not NULL-terminated.
vulners.com/securityvulns/securityvulns:doc:11199