CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
      • Lang
        • Correctness
        • Security
          • Containers
          • Crypto
          • Filesystem
          • Format-string
            • Format-string-injection
              • Format string injection
          • Ldap
          • Libraries
          • Memory
          • Misc
          • Rng
          • Sql
          • Strings
          • System-command
          • Uri
          • Use-after-free
      • Libxml2
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Format-string-injection

Format string injection

format-string-injection

Externally controlled data influences a format string. This can allow an attacker to leak information from memory or trigger memory corruption. Format strings should be constant strings to prevent these issues. If you need to print a user-controlled string then you can use %s.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-134: Use of Externally-Controlled Format String
World writable fileLdap injection dn
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.