CWE-134

BaseDraft

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

109 linked vulnerabilities

4 related weaknesses

Requirements

Choose a language that is not subject to this flaw.

Implementation

Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]

Build and Compilation

Run compilers and linkers with high warning levels, since they may detect incorrect usage.

Confidentiality

Read Memory

Format string problems allow for information disclosure which can severely simplify exploitation of the program.

Integrity

Confidentiality

Availability

Modify Memory

Execute Unauthorized Code or Commands

Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.

Automated Static Analysis

This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.

Black Box

Effectiveness: Limited

Since format strings often occur in rarely-occurring erroneous conditions (e.g. for error message logging), they can be difficult to detect using black box methods. It is highly likely that many latent issues exist in executables that do not have associated source code (or equivalent source.

Automated Static Analysis - Binary or Bytecode

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Manual Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful: