Format String Vulnerability
Description
The software uses a function that accepts a format string as an argument, but the format string originates from an external source. This can lead to buffer overflows, denial of service, or data representation problems.
Examples
Insecure Code
```c
printf(user_input);
```
Secure Code
```c
printf("%s", user_input);
```
Remediation
Never pass external input as the format string itself; keep the format string a constant under the program's control and supply the input as a data argument (for example, `"%s"`). Validate and sanitize all external input that is used with format functions to prevent malicious formatting.
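The secure pattern above, shown as an added example that is not part of this rule's own text: a small C wrapper that keeps the format string constant and lets the compiler flag callers that do not. The helper names `log_fmt` and `log_user_input` are assumed for illustration; the `format(printf, ...)` attribute and the `-Wformat -Wformat-security` warnings are standard GCC/Clang features.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: every format string reaching vsnprintf comes from
 * a caller of log_fmt. The format attribute makes GCC/Clang check those
 * call sites, so with -Wformat -Wformat-security a call such as
 * log_fmt(buf, n, user_input) (the CODE-0644 pattern) is reported. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return needed;
}

/* Secure pattern from the rule: the external string is a "%s" argument,
 * so any conversion specifiers it contains are copied as literal text and
 * never interpreted. vsnprintf also bounds the write to out_len bytes.
 * Returns the length the full message would have (like snprintf), so a
 * caller can detect truncation. */
int log_user_input(char *out, size_t out_len, const char *user_input)
{
    return log_fmt(out, out_len, "user said: %s", user_input);
}

int main(void)
{
    char buf[64];
    /* Constructed sample input that looks like format directives. */
    const char *untrusted = "%x %x %n";
    int needed = log_user_input(buf, sizeof buf, untrusted);
    printf("%s (%d bytes)\n", buf, needed); /* user said: %x %x %n (19 bytes) */
    return 0;
}
```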
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0644 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-134 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | format string, buffer overflow |
| OWASP | N/A |
References
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
- https://julianor.tripod.com/bc/formatstring-1.2.pdf
- https://cwe.mitre.org/data/definitions/134
- https://g.co/kgs/PCHQjJ
- http://phrack.org/issues/70/13.html#article