# Format string vulnerability in scanf functions

## Description

The scanf family of functions (`sscanf` from a string, `scanf` and `fscanf` from a stream) parses formatted input into caller-supplied buffers. A string conversion such as `%s` with no field width copies as many bytes as the input contains, so the destination buffer overflows when the input is longer than the buffer. Attacker-controlled input can therefore corrupt adjacent memory and potentially lead to arbitrary code execution.
## Examples

### Insecure Code

```c
char buf[11];            /* room for 10 characters plus the terminating NUL */
sscanf(str, "%s", buf);  /* no field width: input longer than 10 bytes overflows buf */
```

### Secure Code

```c
char buf[11];              /* room for 10 characters plus the terminating NUL */
sscanf(str, "%10s", buf);  /* field width 10 bounds the copy; the NUL still fits */
```

### Remediation
Use a format string with a limited field width to prevent buffer overflows, such as `"%10s"` instead of `"%s"`. The width counts the characters stored before the terminating NUL, so it must be at most the buffer size minus one (`"%10s"` for an 11-byte buffer).
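A hard-coded width such as `%10s` silently becomes wrong when the buffer is later resized. The helper below, an added example that is not part of the original rule text, derives the field width from the buffer's actual capacity at run time and also detects when the input was truncated by the width, which `sscanf` alone does not report. The function name `read_token_bounded` and the sample inputs are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Reads one whitespace-delimited token from `input` into `out`, whose
 * capacity is `outsz` bytes. The scanf field width is built from outsz so
 * the conversion can never write past the buffer, and %n records how many
 * input characters were consumed so truncation can be detected afterwards.
 *
 * Returns  1 if the whole token fit,
 *          0 if the token was cut short by the field width,
 *         -1 if no token was found or the buffer is too small to hold one.
 */
int read_token_bounded(const char *input, char *out, size_t outsz)
{
    char fmt[32];
    int consumed = 0;

    if (outsz < 2)           /* need at least one character plus the NUL */
        return -1;

    /* Field width = capacity - 1 leaves room for the terminator.
       For outsz == 11 this produces "%10s%n". */
    snprintf(fmt, sizeof fmt, "%%%zus%%n", outsz - 1);

    /* %n does not count toward the return value, so exactly one conversion
       must succeed. An all-whitespace or empty input fails here. */
    if (sscanf(input, fmt, out, &consumed) != 1)
        return -1;

    /* If the next unread character is part of the same token (not
       whitespace and not the end of the string), the width truncated it. */
    const char *rest = input + consumed;
    if (*rest != '\0' && !isspace((unsigned char)*rest))
        return 0;

    return 1;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is too long. */
    char buf[11];

    int r = read_token_bounded("hello world", buf, sizeof buf);
    printf("result=%d token=\"%s\"\n", r, buf);      /* result=1 token="hello" */

    r = read_token_bounded("abcdefghijklmnop", buf, sizeof buf);
    printf("result=%d token=\"%s\"\n", r, buf);      /* result=0 token="abcdefghij" */

    return 0;
}
```

Because the width is computed from `sizeof buf`, changing the buffer size changes the bound with it; the return value lets the caller reject or log oversized input instead of processing a silently truncated token.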
## Rule Details

| Field | Value |
|---|---|
| ID | CODE-0563 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | format string vulnerability, buffer overflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |