CWE-134 - Use of Externally-Controlled Format String


The software passes a format string to one of its functions, and that format string comes from an external source. Because of this weakness, attackers are able to alter the externally-controlled format string.
Unacceptable changes to format strings cause various problems in the operation of the system: buffer overflows, denial of service, etc. They can also lead to arbitrary code execution and information disclosure, making the program much easier for attackers to exploit.
Sometimes external control of format strings is intended by design. If the source of the format string is safe and reliable, there is no reason to worry about the security of the system.
The weakness is introduced during the Implementation stage.
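
The following C code is an added example, not part of the original page. It shows the hardened way to print untrusted text, and a check for the case where the format is external by design. The function names render_untrusted and format_is_allowed are hypothetical, and the sample strings in the comments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hardened form: untrusted text is only ever an argument, never the
 * format. The weak form would be snprintf(out, n, untrusted), which
 * lets the caller's data be interpreted as conversion specifiers. */
int render_untrusted(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* For formats that are external by design (assumed here: a translation
 * catalog entry). Accept fmt only if its conversions are exactly the
 * letters in `expected`, in order, e.g. "sd" for one %s then one %d.
 * Rejects %n, '*' width/precision, positional '$' and length modifiers.
 * Returns 1 if the format is acceptable, 0 otherwise. */
int format_is_allowed(const char *fmt, const char *expected)
{
    size_t idx = 0, want = strlen(expected);

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')          /* "%%" is a literal percent sign */
            continue;
        /* skip flags, width digits and precision */
        while (*p && strchr("-+ #0123456789.", *p))
            p++;
        /* what remains must be the next expected conversion letter */
        if (*p == '\0' || *p == 'n' || idx >= want || *p != expected[idx])
            return 0;
        idx++;
    }
    return idx == want;         /* no missing conversions either */
}
```

A caller would run format_is_allowed on the externally supplied format before handing it to a printf-family function, and fall back to a built-in format when it returns 0.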



Description of CWE-134 on Mitre website