CWE-134 - Use of Externally-Controlled Format String

Description

One of the software functions is receiving format string. Under the influence of weakness attackers are able to alter externally-controlled format string.
Unaccaptable changes in format strings lead to different problems with work of the system: buffer overflows, denial of service etc. It can also become the reason of arbitrary code execution and information disclosure, letting attackers make the program using much easier.
Sometimes the control of external format strings is performed by the design. In case of format source safeness and reliability, there is no reason to worry about security of the system.
The weakness is introduced during Implementation stage.

Latest vulnerabilities for CWE-134

Format string error in FortiOS CLI command 2024-04-09
Low Yes

Multiple vulnerabilities in Fortigate NGFW on Siemens RUGGEDCOM APE1808 devices 2024-03-18
Critical No

Format string error in Fortinet FortiManager, FortiAnalyzer, FortiAnalyzer-BigData and FortiPortal 2024-03-14
Low Yes

Multiple vulnerabilities in Fortigate NGFW on Siemens RUGGEDCOM APE1808 devices 2024-03-13
Critical No

Multiple vulnerabilities in Zyxel firewalls and APs 2024-02-20
High Yes

Remote code execution in FortiOS fgfmd 2024-02-09
High Yes

Multiple vulnerabilities in IBM Security Guardium 2024-01-30
Medium Yes

Format string errors in HTTPSd in Fortinet products 2023-12-14
Medium Yes

Multiple vulnerabilities in ASUS Routers 2023-09-06
High Yes

Multiple vulnerabilities in Zyxel firewalls and WLAN controllers 2023-07-18
Medium Yes

References

Description of CWE-134 on Mitre website