
CWE-134 (Use of Externally-Controlled Format String) — Vulnerability Class 112

112 vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String). AI Chinese analysis included.

CWE-134 is a critical input-validation weakness in which software passes data from an untrusted external source to a function that accepts a format string, such as printf. Attackers typically exploit it by injecting format specifiers such as %x or %n into the input. This lets them read sensitive memory contents, cause a denial of service, or write arbitrary data to memory, which can lead to remote code execution and full system compromise. To mitigate the risk, developers must never pass user-controlled data as the format string argument; they should use a literal format string and pass user input as a subsequent argument. Rigorous input validation and static analysis tools can additionally detect these dangerous patterns early in the development lifecycle, ensuring that external data is never interpreted as code logic.

MITRE CWE Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Common Consequences (2)
Confidentiality: Read Memory
Format string problems allow for information disclosure which can severely simplify exploitation of the program.
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.
Mitigations (3)
Requirements: Choose a language that is not subject to this flaw.
Implementation: Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments is always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
Build and Compilation: Run compilers and linkers with high warning levels, since they may detect incorrect usage.
Examples (2)
The following program prints a string provided as an argument.
#include <stdio.h>
#include <string.h>   /* memcpy */

void printWrapper(char *string) {
    printf(string);   /* CWE-134: the caller's data is used directly as the format string */
}

int main(int argc, char **argv) {
    char buf[5012];
    memcpy(buf, argv[1], 5012);
    printWrapper(argv[1]);
    return (0);
}
Bad · C
The following code copies a command line argument into a buffer using snprintf().
#include <stdio.h>

int main(int argc, char **argv) {
    char buf[128];
    /* ... */
    snprintf(buf, 128, argv[1]);   /* CWE-134: argv[1] is the format string, not the data being copied */
}
Bad · C
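As an added example (not MITRE's or this page's code), the two snippets above rewritten the way the Implementation mitigation prescribes, plus a hypothetical countDirectives() audit helper; the sample input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hardened counterpart of the page's printWrapper(): the format string is a
 * literal and the untrusted text is passed as an argument, so any "%x" or "%n"
 * in the input is printed as ordinary characters, never interpreted. */
void printWrapperSafe(const char *text)
{
    printf("%s", text);
}

/* Hardened counterpart of the page's snprintf() example: literal format plus a
 * bounded copy. Returns the length snprintf() would have needed, so the caller
 * can detect truncation (result >= dstlen) instead of silently losing data. */
int copyArgSafe(char *dst, size_t dstlen, const char *src)
{
    return snprintf(dst, dstlen, "%s", src);
}

/* Hypothetical audit helper (not from the page): counts conversion directives
 * in data that must never reach a format-string parameter. "%%" is a literal
 * percent sign and is not counted. Useful for log review or input auditing,
 * alongside compiling with -Wformat -Wformat-security in GCC/Clang. */
int countDirectives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {   /* escaped percent: skip both characters */
            i++;
            continue;
        }
        n++;
    }
    return n;
}

int main(int argc, char **argv)
{
    /* Constructed sample standing in for argv[1]; a real argv[1] is used when given. */
    const char *input = (argc > 1) ? argv[1] : "%x %x %n 100%% done";
    char buf[16];
    int needed = copyArgSafe(buf, sizeof buf, input);
    printWrapperSafe(buf);
    printf("\ndirectives in input: %d, truncated: %s\n",
           countDirectives(input), needed >= (int)sizeof buf ? "yes" : "no");
    return 0;
}
```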
CVE ID | Title | Affected product | CVSS | Severity | Published
CVE-2023-4746 | TOTOLINK N200RE V5 Validity_check format string | N200RE V5 | 8.8 | High | 2023-09-04
CVE-2023-35087 | ASUS RT-AX56U V2 & RT-AC86U - Format String - 2 | RT-AX56U V2 | 9.8 | Critical | 2023-07-21
CVE-2023-35086 | ASUS RT-AX56U V2 & RT-AC86U - Format String - 1 | RT-AX56U V2 | 7.2 | High | 2023-07-21
CVE-2023-33011 | Zyxel ATP Format String Error Vulnerability | ATP series firmware | 8.8 | High | 2023-07-17
CVE-2022-43953 | Fortinet FortiOS Format String Error Vulnerability | FortiProxy | 6.3 | Medium | 2023-06-13
CVE-2023-2186 | Triangle MicroWorks SCADA Data Gateway Format String Error Vulnerability | SCADA Data Gateway | 8.2 | High | 2023-06-07
CVE-2023-21497 | SAMSUNG Mobile devices Format String Error Vulnerability | Samsung Mobile Devices | 4.4 | Medium | 2023-05-04
CVE-2023-25492 | Lenovo XClarity Controller Format String Error Vulnerability | XClarity Controller | 6.3 | Medium | 2023-05-01
CVE-2023-22923 | Zyxel NBG-418N v2 Format String Error Vulnerability | NBG-418N v2 firmware | 6.5 | Medium | 2023-05-01
CVE-2022-43619 | D-Link DIR-1935 Format String Error Vulnerability | DIR-1935 | 6.8 | - | 2023-03-29
CVE-2015-10088 | ayttm proxy.c http_connect format string | ayttm | 5.0 | Medium | 2023-03-05
CVE-2023-23783 | Fortinet FortiWeb Format String Error Vulnerability | FortiWeb | 6.5 | Medium | 2023-02-16
CVE-2023-21420 | SAMSUNG Mobile devices Format String Error Vulnerability | Samsung Mobile Devices | 7.3 | High | 2023-02-09
CVE-2022-43869 | IBM Spectrum Scale denial of service | Elastic Storage System | 6.5 | Medium | 2023-02-08
CVE-2023-22374 | iControl SOAP vulnerability | BIG-IP | 8.5 | High | 2023-02-01
CVE-2022-3023 | Use of Externally-Controlled Format String in pingcap/tidb | pingcap/tidb | 9.1 | - | 2022-11-04
CVE-2022-35887 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35886 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35885 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35884 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35881 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35880 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35879 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35878 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 8.8 | - | 2022-10-25
CVE-2022-35877 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25
CVE-2022-35876 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25
CVE-2022-35875 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25
CVE-2022-35874 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25
CVE-2022-35244 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25
CVE-2022-33938 | Abode Iota Format String Error Vulnerability | iota All-In-One Security Kit | 9.8 | - | 2022-10-25

Vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String) represent 112 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.