Format string attacks occur when untrusted data is passed directly into functions that build formatted strings, within the format parameter. This can result in memory/data leakage. Likelihood: LOW Confidence: MEDIUM CWE: - CWE-134: Use of Externally-Controlled Format String