CWE-134Use of Externally-Controlled Format String

PUBLISHEDweakness recordHigh
released 2006-07-19 · last modified 2025-12-11
CWE-134 - Use of Externally-Controlled Format String - Diagram

Metadata

CWE ID:
CWE-134
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Use of Externally-Controlled Format String

描述

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

常见后果

范围:
Confidentiality
影响:
Read Memory
注释:
Format string problems allow for information disclosure which can severely simplify exploitation of the program.
范围:
Integrity, Confidentiality, Availability
影响:
Modify Memory, Execute Unauthorized Code or Commands
注释:
Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.

相关 CWE

相关警报