diff --git a/NEWS b/NEWS
index 1cdc4383..d00f45f7 100644
--- a/NEWS
+++ b/NEWS
@@ -57,6 +57,7 @@ NEWS
 * [core] lighttpd -tt performs preflight startup checks (fixes #411)
 * [stat] mimetype.xattr-name global config option (fixes #2631)
 * [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
+ * [mod_status] use snprintf() instead of sprintf()
 - 1.4.39 - 2016-01-02
 * [core] fix memset_s call (fixes #2698)
diff --git a/src/mod_status.c b/src/mod_status.c
index 90308ef5..82326281 100644
--- a/src/mod_status.c
+++ b/src/mod_status.c
@@ -368,7 +368,7 @@ static handler_t mod_status_handle_server_status_html(server *srv, connection *c
 mod_status_get_multiplier(&avg, &multiplier, 1024);
- sprintf(buf, "%.2f", avg);
+ snprintf(buf, sizeof(buf), "%.2f", avg);
 buffer_append_string(b, buf);
 buffer_append_string_len(b, CONST_STR_LEN(" "));
 if (multiplier) buffer_append_string_len(b, &multiplier, 1);
@@ -393,7 +393,7 @@ static handler_t mod_status_handle_server_status_html(server *srv, connection *c
 mod_status_get_multiplier(&avg, &multiplier, 1024);
- sprintf(buf, "%.2f", avg);
+ snprintf(buf, sizeof(buf), "%.2f", avg);
 buffer_append_string(b, buf);
 buffer_append_string_len(b, CONST_STR_LEN(" "));
 if (multiplier) buffer_append_string_len(b, &multiplier, 1);
@@ -428,7 +428,7 @@ static handler_t mod_status_handle_server_status_html(server *srv, connection *c
 mod_status_get_multiplier(&avg, &multiplier, 1024);
- sprintf(buf, "%.2f", avg);
+ snprintf(buf, sizeof(buf), "%.2f", avg);
 buffer_append_string(b, buf);
 buffer_append_string_len(b, CONST_STR_LEN(" "));
 if (multiplier) buffer_append_string_len(b, &multiplier, 1);
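Review bot: The `sizeof(buf)` bound on the new `snprintf()` call in the `-368` hunk of src/mod_status.c only limits the write if `buf` is declared as an array inside `mod_status_handle_server_status_html`. That declaration is outside the hunk, and a pointer there would make the limit the pointer size, so it is worth confirming. The return value is also discarded, so an `avg` whose `%.2f` rendering does not fit would be appended to the status page truncated and unnoticed. A one-line guard such as `if ((size_t)snprintf(buf, sizeof(buf), "%.2f", avg) >= sizeof(buf)) buf[0] = '\0';` would make that case explicit, as would a comment stating the range expected after `mod_status_get_multiplier()`. The same applies to the identical calls in the `-393` and `-428` hunks.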