Standardlikelihood: Highseverity: HighDraft

CAPEC-135Format String Injection

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
High

Description

An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.

Related weaknesses· 3

CWE-134CWE-20CWE-74

Related attack patterns· 1

CAPEC-137 (ChildOf)

Exploits3

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-20100%live
WeaknessUse of Externally-Controlled Format Stringcwe-134100%live
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-74100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
String Format Overflow in syslog()
CAPEC
Command Injection
CAPEC
Code Injection
CAPEC
OS Command Injection
CAPEC
Input Data Manipulation
CAPEC
Overflow Buffers
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.