
CWE-134 Use of Externally-Controlled Format String: vulnerability list (121 entries)

Summary of the 121 CVE entries associated with the CWE-134 (Use of Externally-Controlled Format String) weakness class, with AI-generated Chinese analysis.

CWE-134 is the format string weakness: the program takes data from an external, untrusted source and uses it directly as the format string argument of a formatting function. By supplying format specifiers such as %x or %n, an attacker can read sensitive data from stack memory or modify memory contents, leading to information disclosure or denial of service. Developers should never use user input as the format string; use a hard-coded format template and pass the user data only as an argument, or strictly filter the input so that no format specifiers survive.

MITRE CWE official description
CWE: CWE-134 Use of Externally-Controlled Format String. Description: The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Common consequences (2)
Confidentiality: Read Memory
Format string problems allow for information disclosure which can severely simplify exploitation of the program.
Integrity, Confidentiality, Availability: Modify Memory, Execute Unauthorized Code or Commands
Format string problems can result in the execution of arbitrary code, buffer overflows, denial of service, or incorrect data representation.
Mitigations (3)
Requirements: Choose a language that is not subject to this flaw.
Implementation: Ensure that all format string functions are passed a static string which cannot be controlled by the user, and that the proper number of arguments are always sent to that function as well. If at all possible, use functions that do not support the %n operator in format strings. [REF-116] [REF-117]
Build and Compilation: Run compilers and linkers with high warning levels, since they may detect incorrect usage.
Code examples (2)
The following program prints a string provided as an argument.
    #include <stdio.h>
    #include <string.h>   /* for memcpy */

    /* CWE-134: the caller-supplied string is used directly as the format string. */
    void printWrapper(char *string) {
        printf(string);
    }

    int main(int argc, char **argv) {
        char buf[5012];
        /* copies a fixed 5012 bytes regardless of the argument's actual length */
        memcpy(buf, argv[1], 5012);
        printWrapper(argv[1]);
        return (0);
    }
Bad · C
The following code copies a command line argument into a buffer using snprintf().
    #include <stdio.h>

    int main(int argc, char **argv) {
        char buf[128];
        ...
        /* CWE-134: argv[1] is the format string rather than a "%s" argument */
        snprintf(buf, 128, argv[1]);
    }
Bad · C
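The following is an added example, not part of the CWE entry or of MITRE's sample code: it places the vulnerable pattern from the two samples above beside the hardened form that the Implementation mitigation describes (a static format template with the user data passed only as an argument), plus a small filter for the rare case where a format string must be assembled at runtime. The function names format_untrusted_bad, format_untrusted_good, contains_conversion and the demo input are assumptions made for this illustration. The demo input uses only "%%", the one specifier that the bad path can interpret without reading arguments that were never passed, so the difference between the two paths is visible without undefined behaviour.

```c
/* Added example, not code from the CWE-134 entry or from MITRE.
 * Assumed names: format_untrusted_bad, format_untrusted_good, contains_conversion. */
#include <stdio.h>
#include <string.h>

#define OUT_LEN 128

/* The "Build and Compilation" mitigation refers to warnings such as
 * -Wformat-security, which flag a non-literal format with no arguments.
 * They are silenced here only so the deliberately bad function compiles. */
#if defined(__GNUC__)
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif

/* CWE-134 pattern: attacker-controlled text becomes the format string.
 * Returns the snprintf result (length of the formatted text). */
int format_untrusted_bad(char *out, size_t out_len, const char *user)
{
    /* every '%' in user is interpreted as a conversion specifier */
    return snprintf(out, out_len, user);
}

/* Hardened form: a static format template; user data is only an argument. */
int format_untrusted_good(char *out, size_t out_len, const char *user)
{
    return snprintf(out, out_len, "%s", user);
}

/* Defensive filter for runtime-assembled formats: returns 1 if the string
 * contains any '%' that is not the literal "%%", otherwise 0. */
int contains_conversion(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
            return 1;
        }
    }
    return 0;
}

/* Constructed demo input: "%%" is safe for both paths. */
#define DEMO_INPUT "progress: 100%%"

/* Length of the text the bad path produces for DEMO_INPUT ("%%" collapses to "%"). */
int demo_bad_len(void)
{
    char buf[OUT_LEN];
    return format_untrusted_bad(buf, sizeof buf, DEMO_INPUT);
}

/* Length of the text the good path produces for DEMO_INPUT (text passes through unchanged). */
int demo_good_len(void)
{
    char buf[OUT_LEN];
    return format_untrusted_good(buf, sizeof buf, DEMO_INPUT);
}

int main(void)
{
    char bad[OUT_LEN], good[OUT_LEN];

    format_untrusted_bad(bad, sizeof bad, DEMO_INPUT);
    format_untrusted_good(good, sizeof good, DEMO_INPUT);
    printf("bad : %s (%d chars)\n", bad, demo_bad_len());    /* progress: 100% */
    printf("good: %s (%d chars)\n", good, demo_good_len());  /* progress: 100%% */
    printf("filter flags \"%%x%%n\": %d\n", contains_conversion("%x%n"));
    printf("filter flags \"100%%%%\": %d\n", contains_conversion("100%%"));
    return 0;
}
```

The bad path consumes the "%%" and emits a single percent sign, which is the same mechanism that lets "%x" or "%n" in the first sample above read or write memory; the good path emits the input byte for byte. In real code, prefer the "%s" template over the filter: the filter only belongs where a translated or configured template must be loaded at runtime, and even then the template should come from a trusted store, not from the request.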
CVE ID        | Title                                                                                                   | CVSS | Risk level | Published
CVE-2017-3859 | Cisco ASR 920 Series Aggregation Services Routers Zero Touch Provisioning security vulnerability — Cisco IOS XE Software for Cisco ASR 920 Series Routers | 8.6 | - | 2017-03-22

CWE-134 (Use of Externally-Controlled Format String) is a common weakness class; this platform lists 121 CVE entries associated with it.