OWASP Periodic Table of Vulnerabilities - Format String
Root Cause Summary
The root cause of a format string vulnerability is that the attacker can control, or fully supply, the format string passed to data-formatting functions in C, C++, and assembly, such as fprintf, printf, sprintf, setproctitle, and syslog. Because the function interprets the directives in that string, attacker-controlled directives can lead to buffer overflows or data representation problems.
Browser / Standards Solution
Alert and/or block on known format string signatures.
Generic Framework Solution
Prohibit access to vulnerable APIs and provide safe wrappers of those APIs instead.
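The following added example (not OWASP's own code) illustrates the root cause described above together with the two mitigations this page names: a signature check that flags input containing conversion directives, and a safe wrapper that keeps the format string a fixed literal and bounds the output buffer. The vulnerable pattern is kept as a comment so the file compiles cleanly under -Werror=format-security; the sample input and all function names are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (the root cause above): untrusted data *is* the format.
 *
 *     void log_unsafe(const char *untrusted) { printf(untrusted); }
 *
 * Every '%' directive in `untrusted` is then interpreted by printf rather
 * than printed. Left as a comment so this example builds with
 * -Werror=format-security enabled. */

/* Signature check in the spirit of "alert and/or block": report whether an
 * input contains any conversion directive. This only flags or rejects data
 * that reaches a legacy logging sink; the real fix is the wrapper below. */
bool contains_format_directive(const char *s)
{
    return s != NULL && strchr(s, '%') != NULL;
}

/* Safe wrapper: the format is the fixed literal "%s", the untrusted text is
 * an argument, and output is bounded by `cap`. Returns bytes written
 * (excluding the NUL) or -1 if the text would not fit, so callers cannot
 * silently truncate or overflow. */
int safe_format_message(char *out, size_t cap, const char *untrusted)
{
    if (out == NULL || cap == 0 || untrusted == NULL)
        return -1;
    int n = snprintf(out, cap, "%s", untrusted);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';   /* leave a valid empty string on failure */
        return -1;
    }
    return n;
}

/* Convenience wrapper that logs untrusted text to stdout via the safe path.
 * Returns the printf result, or -1 if the line did not fit the buffer. */
int safe_log(const char *untrusted)
{
    char line[256];
    int n = safe_format_message(line, sizeof line, untrusted);
    if (n < 0)
        return -1;
    return printf("%s\n", line);
}

int main(void)
{
    /* Constructed sample: the kind of value a user-supplied field might hold. */
    const char *constructed_input = "user=alice status=%x";

    printf("directive present: %d\n", contains_format_directive(constructed_input));
    safe_log(constructed_input);   /* prints the text verbatim, directives uninterpreted */
    return 0;
}
```

The scanner is deliberately coarse: any `%` in data that will be handed to a formatting sink is suspicious, and false positives are cheap compared with letting a directive through. The wrapper is what a "safe wrapper of the vulnerable API" looks like in practice: callers never get to choose the format string, and the bounded `snprintf` addresses the overflow half of the root cause as well.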
Custom Framework Solution
Custom Code Solution
Discussion / Controversy