CWE-134
Use of Externally-Controlled Format String
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Common Consequences
Impact: Read Memory
Impact: Modify Memory, Execute Unauthorized Code or Commands
Potential Mitigations
Choose a language that is not subject to this flaw.
Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
Run compilers and linkers with high warning levels, since they may detect incorrect usage.
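The two mitigations above (a literal format string, and letting the compiler check format usage) side by side. This is an added example, not code from the CWE entry; all function names are made up for illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, kept as a comment so this file compiles cleanly under
 * -Werror=format-security (the warning the page recommends enabling):
 *
 *     void log_msg(const char *user_supplied) { printf(user_supplied); }
 *
 * Every '%' directive in user_supplied is interpreted by printf, so the caller
 * of log_msg chooses how many arguments are read and whether %n writes memory. */

/* Hardened form: the format string is a compile-time literal and the
 * externally controlled text is consumed by "%s" as a plain argument. */
int log_msg_safe(char *out, size_t out_len, const char *user_supplied)
{
    return snprintf(out, out_len, "user input: %s", user_supplied);
}

/* A wrapper that forwards a format string should declare that fact, so
 * GCC/Clang -Wformat checks every caller for a literal format and the
 * right number and types of arguments. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return n;
}

/* Audit/detection helper: true if a string contains a conversion directive,
 * i.e. it must never reach a format function in the format position.
 * "%%" is a literal percent sign and is not counted. */
bool contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }
            return true;
        }
    }
    return false;
}
```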
Observed Examples
CVE-2002-1825: format string in Perl program
CVE-2001-0717: format string in bad call to syslog function
CVE-2002-0573: format string in bad call to syslog function
CVE-2002-1788: format strings in NNTP server responses
CVE-2006-2480: Format string vulnerability exploited by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.
CVE-2007-2027: Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages