CWE-134 (Use of Externally-Controlled Format String) — Vulnerability Class 112

112 vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String). AI Chinese analysis included.

CWE-134 is a critical input validation weakness in which software passes data from an untrusted external source as the format string to a formatting function such as printf. Attackers typically exploit it by injecting format specifiers, like %x or %n, into the input stream. This lets them read sensitive memory contents, cause denial of service, or write arbitrary data to memory, potentially leading to remote code execution and full system compromise. To mitigate this risk, developers must never pass user-controlled data as the format string argument. Instead, they should use literal format strings and pass user input as subsequent arguments. Rigorous input validation and static analysis tools can also detect these dangerous patterns early in the development lifecycle, so that external data is never interpreted as formatting instructions.

MITRE CWE Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Common Consequences (2)
Confidentiality: Read Memory
Format string problems allow for information disclosure which can severely simplify exploitation of the program.
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.
Mitigations (3)
Requirements: Choose a language that is not subject to this flaw.
Implementation: Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
Build and Compilation: Run compilers and linkers with high warning levels, since they may detect incorrect usage.
Examples (2)
The following program prints a string provided as an argument.
    #include <stdio.h>
    #include <string.h>

    void printWrapper(char *string) {
        /* Vulnerable: the caller-supplied string is used as the format string. */
        printf(string);
    }

    int main(int argc, char **argv) {
        char buf[5012];
        memcpy(buf, argv[1], 5012);
        printWrapper(argv[1]);
        return (0);
    }
Bad · C
The following code copies a command line argument into a buffer using snprintf().
    #include <stdio.h>

    int main(int argc, char **argv){
        char buf[128];
        ...
        /* Vulnerable: argv[1] is passed as the format string. */
        snprintf(buf,128,argv[1]);
    }
Bad · C
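The hardened counterparts of the two examples above, following the Implementation mitigation (a static format string, with the external data passed as an argument). This is an added example, not code from MITRE or from this page; the function names print_untrusted, copy_untrusted and count_conversions are hypothetical, and the sample input is constructed.

```c
/* Build with high warning levels, per the Build and Compilation mitigation:
 *   cc -Wall -Wformat=2 -Werror=format-security example.c */
#include <stdio.h>
#include <string.h>

/* Counterpart of printWrapper(): the format string is a literal, so any
 * conversion specifiers inside `s` are printed as text, never interpreted. */
int print_untrusted(FILE *out, const char *s) {
    return fprintf(out, "%s", s);
}

/* Counterpart of snprintf(buf,128,argv[1]): same literal-format rule, and
 * truncation is reported instead of being silently accepted.
 * Returns 0 on success, -1 on truncation or output error. */
int copy_untrusted(char *dst, size_t dstlen, const char *src) {
    int n = snprintf(dst, dstlen, "%s", src);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Audit helper: counts conversion specifications in external input, treating
 * "%%" as a literal percent sign. A non-zero count on a field that should be
 * plain text is worth logging; it is not a substitute for the fix above. */
size_t count_conversions(const char *s) {
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        n++;
    }
    return n;
}

int main(int argc, char **argv) {
    /* Constructed sample input, used when no argument is given. */
    const char *input = argc > 1 ? argv[1] : "id=%x%x %n 100%%";
    char buf[128];

    if (copy_untrusted(buf, sizeof buf, input) != 0) {
        fputs("input rejected: too long\n", stderr);
        return 1;
    }
    print_untrusted(stdout, buf);   /* prints the specifiers verbatim */
    fputc('\n', stdout);
    fprintf(stderr, "conversion specifiers in input: %zu\n",
            count_conversions(input));
    return 0;
}
```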
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-40604 | Format String Vulnerability — Apache Airflow | 7.5 | - | 2022-09-21 |
| CVE-2022-26393 | Format String vulnerability — Baxter Spectrum Wireless Battery Module (WBM) | 5.0 | Medium | 2022-09-09 |
| CVE-2022-26392 | Format String vulnerability — Baxter Spectrum Wireless Battery Module (WBM) | 3.1 | Low | 2022-09-09 |
| CVE-2022-34747 | Zyxel NAS326 format string error vulnerability — Zyxel NAS326 firmware | 9.8 | Critical | 2022-09-06 |
| CVE-2022-2652 | Use of Externally-Controlled Format String in umlaeute/v4l2loopback — umlaeute/v4l2loopback | 7.1 | - | 2022-08-04 |
| CVE-2022-1215 | libinput format string error vulnerability — libinput | 7.8 | - | 2022-05-31 |
| CVE-2022-26674 | ASUS RT-AX88U - Format String — RT-AX88U | 9.8 | Critical | 2022-04-22 |
| CVE-2021-41193 | Use of Externally-Controlled Format String in wire-avs — wire-avs | 9.8 | Critical | 2022-03-01 |
| CVE-2022-24051 | MariaDB format string error vulnerability — MariaDB | 7.8 | - | 2022-02-18 |
| CVE-2021-32785 | Format string bug in the Redis cache implementation — mod_auth_openidc | 5.3 | Medium | 2021-07-22 |
| CVE-2021-33535 | WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability — IE-WL(T)-BL-AP-CL-XX | 8.8 | High | 2021-06-25 |
| CVE-2021-20307 | lianhaidong libpano13 format string error vulnerability — libpano13 | 9.8 | - | 2021-04-05 |
| CVE-2020-15634 | NETGEAR R6700 format string error vulnerability — R6700 | 8.8 | - | 2020-08-19 |
| CVE-2020-1992 | PAN-OS on PA-7000 Series: Varrcvr daemon network-based denial of service or privilege escalation — PAN-OS | 8.1 | High | 2020-04-08 |
| CVE-2020-1979 | PAN-OS: A format string vulnerability in PAN-OS log daemon (logd) on Panorama allows local privilege escalation — PAN-OS | 8.1 | High | 2020-03-11 |
| CVE-2020-3118 | Cisco IOS XR Software Cisco Discovery Protocol Format String Vulnerability — Cisco IOS XR Software | 8.8 | - | 2020-02-05 |
| CVE-2019-13318 | Foxit Reader and Foxit PhantomPDF format string error vulnerability — Reader | 5.5 | - | 2019-10-04 |
| CVE-2019-6840 | Multiple Schneider Electric products format string error vulnerability — U.motion Server | 9.8 | - | 2019-09-17 |
| CVE-2017-7519 | Red Hat Ceph format string vulnerability — ceph | 4.4 | - | 2018-07-27 |
| CVE-2017-0898 | Ruby security vulnerability — Ruby | 9.8 | - | 2017-09-15 |
| CVE-2017-12702 | Advantech WebAccess format string vulnerability — Advantech WebAccess | 8.8 | - | 2017-08-30 |
| CVE-2017-3859 | Cisco ASR 920 Series Aggregation Services Routers Zero Touch Provisioning security vulnerability — Cisco IOS XE Software for Cisco ASR 920 Series Routers | 8.6 | - | 2017-03-22 |

Vulnerabilities classified as CWE-134 (Use of Externally-Controlled Format String) represent 112 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.