Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Lang
- Correctness
- Security
- Containers
- Crypto
- Filesystem
- Format-string
- Format-string-injection
- Ldap
- Libraries
- Memory
- Misc
- Rng
- Sql
- Strings
- System-command
- Uri
- Use-after-free
- Libxml2
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Format-string-injection
Format string injection
Externally controlled data influences a format string. This can allow an attacker to leak information from memory or trigger memory corruption. Format strings should be constant strings to prevent these issues. If you need to print a user-controlled string then you can use %s
.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-134: Use of Externally-Controlled Format String