CWE-134

Use of Externally-Controlled Format String

Base · Draft · Likelihood: High

Description

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-135 · CAPEC-67

CVEs mapped to this weakness (252)

page 2 of 13
  • CVE-2017-16602 · High · Jan 23, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.…

  • CVE-2014-8170 · High · Sep 26, 2017
    risk 0.57 · cvss 8.8 · epss 0.04

    ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to…

  • CVE-2017-12702 · High · Aug 30, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.

  • CVE-2016-5716 · High · Aug 9, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

  • CVE-2017-2403 · High · Apr 2, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbitrary code via a crafted ipp: or ipps: URL.

  • CVE-2018-1566 · High · Jul 10, 2018
    risk 0.55 · cvss 8.4 · epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

  • CVE-2026-6250 · High · Jun 11, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data…

  • CVE-2018-6508 · High · Feb 9, 2018
    risk 0.52 · cvss 8.0 · epss 0.02

    Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are…

  • CVE-2018-17336 · High · Sep 22, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as…

  • CVE-2018-16554 · High · Sep 16, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT…

  • CVE-2015-8107 · High · Apr 13, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.

  • CVE-2017-5613 · High · Mar 3, 2017
    risk 0.51 · cvss 7.8 · epss 0.03

    Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

  • CVE-2015-8106 · High · Apr 18, 2016
    risk 0.51 · cvss 7.8 · epss 0.04

    Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file.

  • CVE-2026-22190 · High · Jan 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker…

  • CVE-2018-8778 · High · Apr 3, 2018
    risk 0.49 · cvss 7.5 · epss 0.08

    In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and…

  • CVE-2018-6875 · High · Mar 14, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.

  • CVE-2018-5207 · High · Jan 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string.

  • CVE-2018-5205 · High · Jan 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

  • CVE-2017-15191 · High · Oct 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.

  • CVE-2017-9212 · High · May 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.