diff --git a/apps/passwd.c b/apps/passwd.c
index 0a02d546996ac0..d794b6e341121d 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
     OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
     if (rounds_custom) {
         char tmp_buf[80]; /* "rounds=999999999" */
-        sprintf(tmp_buf, "rounds=%u", rounds);
+
+        snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
 #ifdef CHARSET_EBCDIC
         /* In case we're really on a ASCII based platform and just pretend */
         if (tmp_buf[0] != 0x72)  /* ASCII 'r' */
diff --git a/apps/speed.c b/apps/speed.c
index db0327187d560d..8c644208344317 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2624,13 +2624,13 @@ int speed_main(int argc, char **argv)
     if (doit[D_HMAC]) {
         static const char hmac_key[] = "This is a key...";
         int len = strlen(hmac_key);
+        size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
         OSSL_PARAM params[3];
 
         if (evp_mac_mdname == NULL)
             goto end;
-        evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
-                                   "HMAC name");
-        sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
+        evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
+        snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
         names[D_HMAC] = evp_hmac_name;
 
         params[0] =
@@ -2894,6 +2894,7 @@ int speed_main(int argc, char **argv)
     }
 
     if (doit[D_EVP_CMAC]) {
+        size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
         OSSL_PARAM params[3];
         EVP_CIPHER *cipher = NULL;
 
@@ -2906,9 +2907,8 @@ int speed_main(int argc, char **argv)
             BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
             goto end;
         }
-        evp_cmac_name = app_malloc(sizeof("cmac()")
-                                   + strlen(evp_mac_ciphername), "CMAC name");
-        sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
+        evp_cmac_name = app_malloc(len, "CMAC name");
+        snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
         names[D_EVP_CMAC] = evp_cmac_name;
 
         params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 76737fa7b8cdeb..fe3e0ebef4c489 100644
--- a/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
@@ -265,11 +265,11 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
     }
     if (transform) {
         if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-            sprintf(translated, "lib%s" DSO_EXTENSION, filename);
+            snprintf(translated, rsize, "lib%s" DSO_EXTENSION, filename);
         else
-            sprintf(translated, "%s" DSO_EXTENSION, filename);
+            snprintf(translated, rsize, "%s" DSO_EXTENSION, filename);
     } else
-        sprintf(translated, "%s", filename);
+        snprintf(translated, rsize, "%s", filename);
     return translated;
 }
 
diff --git a/test/cmactest.c b/test/cmactest.c
index 63613296121615..cd27d39f2eed11 100644
--- a/test/cmactest.c
+++ b/test/cmactest.c
@@ -333,7 +333,7 @@ static char *pt(unsigned char *md, unsigned int len)
     static char buf[80];
 
     for (i = 0; i < len; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
+        snprintf(&(buf[i * 2]), sizeof(buf), "%02x", md[i]);
     return buf;
 }
 
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 8fe6c838143352..2f64ac02203d5b 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -417,7 +417,7 @@ static int test_rand_reseed_on_fork(EVP_RAND_CTX *primary,
 
         presult[0].pindex = presult[1].pindex = i;
 
-        sprintf(presult[0].name, "child %d", i);
+        snprintf(presult[0].name, sizeof(presult[0].name), "child %d", i);
         strcpy(presult[1].name, presult[0].name);
 
         /* collect the random output of the children */
diff --git a/test/enginetest.c b/test/enginetest.c
index 8ba999b0176bc9..596ac1067c6f3c 100644
--- a/test/enginetest.c
+++ b/test/enginetest.c
@@ -147,9 +147,9 @@ static int test_engines(void)
 
     TEST_info("About to beef up the engine-type list");
     for (loop = 0; loop < NUMTOADD; loop++) {
-        sprintf(buf, "id%d", loop);
+        snprintf(buf, sizeof(buf), "id%d", loop);
         eid[loop] = OPENSSL_strdup(buf);
-        sprintf(buf, "Fake engine type %d", loop);
+        snprintf(buf, sizeof(buf), "Fake engine type %d", loop);
         ename[loop] = OPENSSL_strdup(buf);
         if (!TEST_ptr(block[loop] = ENGINE_new())
                 || !TEST_true(ENGINE_set_id(block[loop], eid[loop]))
diff --git a/test/hmactest.c b/test/hmactest.c
index 9b16b964de2512..04acbb467f470b 100644
--- a/test/hmactest.c
+++ b/test/hmactest.c
@@ -284,7 +284,7 @@ static char *pt(unsigned char *md, unsigned int len)
     if (md == NULL)
         return NULL;
     for (i = 0; i < len; i++)
-        sprintf(&(buf[i * 2]), "%02x", md[i]);
+        snprintf(&(buf[i * 2]), sizeof(buf), "%02x", md[i]);
     return buf;
 }
 # endif
diff --git a/test/p_test.c b/test/p_test.c
index b27a38c13e30e4..61301796f8e8fd 100644
--- a/test/p_test.c
+++ b/test/p_test.c
@@ -114,11 +114,11 @@ static int p_get_params(void *provctx, OSSL_PARAM params[])
                     const char *versionp = *(void **)counter_request[0].data;
                     const char *namep = *(void **)counter_request[1].data;
 
-                    sprintf(buf, "Hello OpenSSL %.20s, greetings from %s!",
+                    snprintf(buf, sizeof(buf), "Hello OpenSSL %.20s, greetings from %s!",
                             versionp, namep);
                 }
             } else {
-                sprintf(buf, "Howdy stranger...");
+                snprintf(buf, sizeof(buf), "Howdy stranger...");
             }
 
             p->return_size = buf_l = strlen(buf) + 1;
diff --git a/test/pkcs12_format_test.c b/test/pkcs12_format_test.c
index 9898c1c0b71d2d..7ead4566a42683 100644
--- a/test/pkcs12_format_test.c
+++ b/test/pkcs12_format_test.c
@@ -365,7 +365,7 @@ static int test_single_key(PKCS12_ENC *enc)
     char fname[80];
     PKCS12_BUILDER *pb;
 
-    sprintf(fname, "1key_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter);
+    snprintf(fname, sizeof(fname), "1key_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter);
 
     pb = new_pkcs12_builder(fname);
 
@@ -464,7 +464,7 @@ static int test_single_cert_mac(PKCS12_ENC *mac)
     char fname[80];
     PKCS12_BUILDER *pb;
 
-    sprintf(fname, "1cert_mac-%s_iter-%d.p12", OBJ_nid2sn(mac->nid), mac->iter);
+    snprintf(fname, sizeof(fname), "1cert_mac-%s_iter-%d.p12", OBJ_nid2sn(mac->nid), mac->iter);
 
     pb = new_pkcs12_builder(fname);
 
@@ -624,7 +624,7 @@ static int test_single_secret(PKCS12_ENC *enc)
     char fname[80];
     PKCS12_BUILDER *pb;
 
-    sprintf(fname, "1secret_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter);
+    snprintf(fname, sizeof(fname), "1secret_ciph-%s_iter-%d.p12", OBJ_nid2sn(enc->nid), enc->iter);
     pb = new_pkcs12_builder(fname);
     custom_nid = get_custom_oid();
 
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 8006fb21a66c80..dbb311f8ef4b6d 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -190,7 +190,7 @@ static int compare_hex_encoded_buffer(const char *hex_encoded,
         return 1;
 
     for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
-        sprintf(hexed, "%02x", raw[i]);
+        snprintf(hexed, sizeof(hexed), "%02x", raw[i]);
         if (!TEST_int_eq(hexed[0], hex_encoded[j])
                 || !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
             return 1;