
CWE-134 (Use of Externally-Controlled Format String) — Vulnerability Class 112

112 vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String). AI Chinese analysis included.

CWE-134 represents a critical input validation weakness in which software passes data from an untrusted external source to a function that accepts a format string, such as printf. Attackers exploit this weakness by injecting format specifiers, such as %x or %n, into the input. Depending on the specifier, this lets them read sensitive memory contents, cause a denial of service, or write arbitrary data to memory, potentially leading to remote code execution and full system compromise. To mitigate this risk, developers must never pass user-controlled data as the format string argument; they should use a literal format string and pass user input as a subsequent argument. Rigorous input validation and static analysis tools can additionally detect these dangerous patterns early in the development lifecycle, ensuring that external data is never interpreted as format directives.

MITRE CWE Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Common Consequences (2)
Scope: Confidentiality. Impact: Read Memory.
Format string problems allow for information disclosure which can severely simplify exploitation of the program.
Scope: Integrity, Confidentiality, Availability. Impact: Modify Memory, Execute Unauthorized Code or Commands.
Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.

Mitigations (3)
Phase: Requirements. Choose a language that is not subject to this flaw.
Phase: Implementation. Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
Phase: Build and Compilation. Run compilers and linkers with high warning levels, since they may detect incorrect usage.
Examples (2)
The following program prints a string provided as an argument.
#include <stdio.h>
#include <string.h>

void printWrapper(char *string) {
    printf(string);   /* CWE-134: the caller-supplied string is used as the format string */
}

int main(int argc, char **argv) {
    char buf[5012];
    memcpy(buf, argv[1], 5012);   /* copies a fixed 5012 bytes regardless of the argument's length, as in the original example */
    printWrapper(argv[1]);
    return (0);
}
Bad · C
The following code copies a command line argument into a buffer using snprintf().
#include <stdio.h>

int main(int argc, char **argv) {
    char buf[128];
    /* ... */
    snprintf(buf, 128, argv[1]);   /* CWE-134: argv[1] is the format string rather than a "%s" argument */
    return 0;
}
Bad · C
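The hardened counterparts of the two examples above, as an added example that is not code from the page or from MITRE: the format string becomes a literal and the untrusted text travels as a %s argument, which is the mitigation the description and the Implementation mitigation call for. The names print_wrapper_safe, copy_arg_safe, contains_format_directive and copy_arg_safe_demo are chosen here, and the sample input is constructed for the example; the directive scanner is a review and logging aid, not a replacement for the literal-format fix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hardened form of the page's printWrapper(): the format string is a literal
 * and the untrusted text is passed as a %s argument, so a '%' inside it is
 * printed as a character, never interpreted as a directive. */
void print_wrapper_safe(const char *untrusted)
{
    printf("%s\n", untrusted);
}

/* Hardened form of the page's snprintf() example: literal format, bounded
 * copy. Returns snprintf's result (the length the full string would need),
 * so callers can detect truncation when the result is >= bufsize. */
int copy_arg_safe(char *buf, size_t bufsize, const char *untrusted)
{
    return snprintf(buf, bufsize, "%s", untrusted);
}

/* Review/detection helper (hypothetical, not from the page): true when the
 * string holds a conversion specifier that a printf-family function would act
 * on if the string ever reached the format argument. "%%" is a literal percent
 * and does not count. Useful for flagging suspicious input in logs or tests. */
bool contains_format_directive(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped percent sign */
            p++;
            continue;
        }
        /* skip flags, width, precision and length modifiers */
        while (p[1] != '\0' && strchr("-+ #0123456789.*hlLqjzt", p[1]) != NULL)
            p++;
        if (p[1] != '\0' && strchr("diouxXeEfFgGaAcspn", p[1]) != NULL)
            return true;
    }
    return false;
}

/* Shows that the hardened copy keeps '%' sequences inert and truncates safely.
 * The input is constructed for this example. Returns true when both hold. */
bool copy_arg_safe_demo(void)
{
    char buf[8];
    const char *constructed = "%x%x%x%x%x";   /* 10 bytes of directives; inert because the format is a literal */
    int needed = copy_arg_safe(buf, sizeof buf, constructed);
    /* 7 characters fit plus the terminator; snprintf still reports the full length */
    return needed == 10 && strcmp(buf, "%x%x%x%") == 0 && buf[7] == '\0';
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <text>\n", argv[0]);
        return 1;
    }
    if (contains_format_directive(argv[1]))
        fprintf(stderr, "note: argument contains a format directive; printing it literally\n");
    print_wrapper_safe(argv[1]);
    return copy_arg_safe_demo() ? 0 : 1;
}
```

Compiling with -Wall -Wformat=2 (the "Build and Compilation" mitigation) makes gcc and clang warn on the original printf(string) and snprintf(buf, 128, argv[1]) calls but not on these literal-format versions, which is a quick way to confirm a fix during review.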
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-42330 | JS - Internal strings in HTTP headers | Zabbix | 9.1 | Critical | 2024-11-27
CVE-2024-50396 | QTS, QuTS hero | QTS | 9.1 | - | 2024-11-22
CVE-2024-50397 | QTS, QuTS hero | QTS | 8.1 | - | 2024-11-22
CVE-2024-50398 | QTS, QuTS hero | QTS | 6.5 | - | 2024-11-22
CVE-2024-50399 | QTS, QuTS hero | QTS | 6.5 | - | 2024-11-22
CVE-2024-50400 | QTS, QuTS hero | QTS | 6.5 | - | 2024-11-22
CVE-2024-50401 | QTS, QuTS hero | QTS | 6.5 | - | 2024-11-22
CVE-2024-9129 | Format String Injection in Zend Server | Zend Server | 9.4 | Critical | 2024-10-22
CVE-2024-45330 | Fortinet FortiAnalyzer Format String Error Vulnerability | FortiAnalyzer | 6.8 | High | 2024-10-08
CVE-2024-39529 | Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash | Junos OS | 7.5 | High | 2024-07-11
CVE-2024-4641 | OnCell G3470A-LTE Series: Authenticated Format String Errors | OnCell G3150A-LTE Series | 6.3 | Medium | 2024-06-25
CVE-2024-6145 | Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability | WCB6200Q | 8.8 | - | 2024-06-18
CVE-2023-36640 | Fortinet FortiProxy Format String Error Vulnerability | FortiProxy | 6.5 | Medium | 2024-05-14
CVE-2023-45583 | Multiple Fortinet Products Format String Error Vulnerability | FortiProxy | 6.5 | Medium | 2024-05-14
CVE-2021-34970 | Foxit PDF Reader print Method Use of Externally-Controlled Format String Information Disclosure Vulnerability | PDF Reader | 5.5 | - | 2024-05-07
CVE-2024-23914 | Merative Merge DICOM Toolkit Security Vulnerability | Merge DICOM Toolkit C/C++ | 5.7 | Medium | 2024-05-03
CVE-2023-48784 | Fortinet FortiOS Format String Error Vulnerability | FortiOS | 6.1 | Medium | 2024-04-09
CVE-2023-41842 | Multiple Fortinet Products Format String Error Vulnerability | FortiPortal | 6.3 | Medium | 2024-03-12
CVE-2023-29181 | Fortinet FortiOS Format String Error Vulnerability | FortiPAM | 8.3 | High | 2024-02-22
CVE-2023-6764 | Zyxel ATP Format String Error Vulnerability | ATP series firmware | 8.1 | High | 2024-02-20
CVE-2023-6399 | Zyxel ATP Format String Error Vulnerability | ATP series firmware | 5.7 | Medium | 2024-02-20
CVE-2024-23113 | Fortinet FortiOS Format String Error Vulnerability | FortiSwitchManager | 9.8 | Critical | 2024-02-15
CVE-2023-24590 | Gallagher Controller 6000 Format String Error Vulnerability | Controller 6000 | 7.5 | High | 2023-12-18
CVE-2023-36639 | Fortinet FortiProxy Format String Error Vulnerability | FortiOS | 7.0 | High | 2023-12-13
CVE-2023-48221 | wire-avs remote format string vulnerability | wire-avs | 7.3 | High | 2023-11-20
CVE-2022-26941 | Format string vulnerability in AT+CTGL command in Motorola MTM5000 | Mobile Radio | 9.6 | Critical | 2023-10-19
CVE-2023-41349 | ASUS RT-AX88U - externally-controlled format string | RT-AX88U | 8.8 | High | 2023-09-18
CVE-2023-39240 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 3 | RT-AX55 | 7.2 | High | 2023-09-07
CVE-2023-39239 | ASUS RT-AX55, RT-AX56U_V2, RT-AC86U - Format String - 2 | RT-AX55 | 7.2 | High | 2023-09-07
CVE-2023-39238 | ASUS RT-AX55, RT-AX56U_V2 - Format String - 1 | RT-AX55 | 7.2 | High | 2023-09-07

Vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String) represent 112 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.