CWE-134
Use of Externally-Controlled Format String
BaseDraftLikelihood: High
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-135 · CAPEC-67
CVEs mapped to this weakness (204)
page 10 of 11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-3917 | 0.00 | — | 0.03 | Oct 11, 2007 | The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers. | ||
| CVE-2007-5262 | 0.00 | — | 0.04 | Oct 8, 2007 | Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet. | ||
| CVE-2007-5247 | 0.00 | — | 0.05 | Oct 6, 2007 | Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain. | ||
| CVE-2007-4832 | 0.00 | — | 0.04 | Sep 12, 2007 | Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. | ||
| CVE-2007-4550 | 0.00 | — | 0.06 | Aug 28, 2007 | Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file. | ||
| CVE-2007-4273 | 0.00 | — | 0.00 | Aug 18, 2007 | IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | ||
| CVE-2007-2655 | 0.00 | — | 0.04 | May 14, 2007 | Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | ||
| CVE-2007-1006 | 0.00 | — | 0.04 | Feb 20, 2007 | Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | ||
| CVE-2007-0454 | 0.00 | — | 0.04 | Feb 6, 2007 | Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. | ||
| CVE-2006-3628 | 0.00 | — | 0.06 | Jul 21, 2006 | Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors. | ||
| CVE-2006-1471 | 0.00 | — | 0.00 | Jun 27, 2006 | Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | ||
| CVE-2006-2453 | 0.00 | — | 0.04 | May 28, 2006 | Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | ||
| CVE-2006-1840 | 0.00 | — | 0.01 | Apr 19, 2006 | Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. | ||
| CVE-2006-0743 | 0.00 | — | 0.04 | Mar 9, 2006 | Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | ||
| CVE-2006-0771 | 0.00 | — | 0.03 | Feb 18, 2006 | Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason. | ||
| CVE-2006-0705 | 0.00 | — | 0.05 | Feb 15, 2006 | Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | ||
| CVE-2006-0082 | 0.00 | — | 0.04 | Jan 4, 2006 | Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. | ||
| CVE-2005-3154 | 0.00 | — | 0.03 | Oct 5, 2005 | Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name. | ||
| CVE-2005-1122 | 0.00 | — | 0.02 | Apr 14, 2005 | Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error"). | ||
| CVE-2004-2714 | 0.00 | — | 0.01 | Dec 31, 2004 | Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. |