When discussing the drawbacks of gets(),
it is customary to point out that the
exploited a call to gets()
in the Unix finger daemon as one of its methods of attack.
It overflowed gets's buffer
which overwrote a return address on the stack
such that control flow transferred into the binary data.
about this FAQ list