BaseDraft
CWE-134Use of Externally-Controlled Format String
Category: other
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Common consequences· 2
- Confidentiality — Read MemoryFormat string problems allow for information disclosure which can severely simplify exploitation of the program.
- Integrity / Confidentiality / Availability — Modify Memory, Execute Unauthorized Code or CommandsFormat string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.
Potential mitigations· 3
- [Requirements]Choose a language that is not subject to this flaw.
- [Implementation]Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
- [Build and Compilation]Run compilers and linkers with high warning levels, since they may detect incorrect usage.
Related CAPEC attack patterns· 2
References
Exploits (incoming)2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Format String Injectioncapec-135 | 100% | live |
| AttackPattern | String Format Overflow in syslog()capec-67 | 100% | live |
(incoming)12
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-22482cve-2025-22482 | 0% | live |
| Vulnerability | CVE-2025-24359cve-2025-24359 | 0% | live |
| Vulnerability | CVE-2025-30269cve-2025-30269 | 0% | live |
| Vulnerability | CVE-2025-36202cve-2025-36202 | 0% | live |
| Vulnerability | CVE-2025-40600cve-2025-40600 | 0% | live |
| Vulnerability | CVE-2025-46121cve-2025-46121 | 0% | live |
| Vulnerability | CVE-2025-48826cve-2025-48826 | 0% | live |
| Vulnerability | CVE-2025-55298cve-2025-55298 | 0% | live |
| Vulnerability | CVE-2026-33210cve-2026-33210 | 0% | live |
| KEVEntry | Palo Alto Networks PAN-OS Remote Code Execution Vulnerabilitykev-cve-2019-1579 | 0% | live |
| KEVEntry | Cisco IOS XR Software Discovery Protocol Format String Vulnerabilitykev-cve-2020-3118 | 0% | live |
| KEVEntry | Fortinet Multiple Products Format String Vulnerabilitykev-cve-2024-23113 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.