CWE-134

Use of Externally-Controlled Format String

Base · Draft · Likelihood: High

Description

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-135 · CAPEC-67

CVEs mapped to this weakness (252)

page 4 of 13
  • CVE-2018-15749 · Med · Sep 6, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.

  • CVE-2017-17132 · Med · Mar 5, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    Huawei VP9660 V500R002C10 has an uncontrolled format string vulnerability when the license module outputs log information. An authenticated local attacker could exploit this vulnerability to cause a denial of service.

  • CVE-2015-2894 · Med · Dec 31, 2015
    risk 0.35 · cvss 5.3 · epss 0.01

    Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers.

  • CVE-2026-44407 · Med · May 7, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

  • CVE-2026-6539 · Med · Apr 30, 2026
    risk 0.29 · cvss 4.4 · epss 0.00

    Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious nativeLang.xml language pack file. Attackers can distribute a poisoned language…

  • CVE-2015-9238 · Med · May 31, 2018
    risk 0.28 · cvss 5.3 · epss 0.01

    secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

  • CVE-2018-14799 · Low · Aug 22, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities.

  • CVE-2026-6474 · Med · May 14, 2026
    risk 0.21 · cvss 4.3 · epss 0.00

    Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

  • CVE-2017-5524 · Med · Mar 23, 2017
    risk 0.21 · cvss 4.3 · epss 0.01

    Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers to bypass a sandbox protection mechanism and obtain sensitive information by leveraging the Python string format method.

  • CVE-2017-7519 · Low · Jul 27, 2018
    risk 0.15 · cvss 2.3 · epss 0.01

    In Ceph, a format string flaw was found in the way libradosstriper parses input from the user. A user could crash an application or service using the libradosstriper library.

  • CVE-2026-7835 · Low · May 21, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string processing.

  • CVE-2012-3569 · Nov 14, 2012
    risk 0.07 · cvss · epss 0.48

    Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.

  • CVE-2014-1683 · Jan 29, 2014
    risk 0.06 · cvss · epss 0.31

    The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or…

  • CVE-2012-2288 · Sep 4, 2012
    risk 0.06 · cvss · epss 0.33

    Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.

  • CVE-2009-4769 · Apr 20, 2010
    risk 0.06 · cvss · epss 0.38

    Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote…

  • CVE-2012-1851 · Aug 15, 2012
    risk 0.05 · cvss · epss 0.66

    Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response,…

  • CVE-2011-1568 · Apr 5, 2011
    risk 0.05 · cvss · epss 0.19

    Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute…

  • CVE-2010-1039 · May 20, 2010
    risk 0.05 · cvss · epss 0.20

    Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code…

  • CVE-2008-3533 · Aug 18, 2008
    risk 0.05 · cvss · epss 0.19

    Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within…

  • CVE-2006-3469 · Jul 21, 2006
    risk 0.05 · cvss · epss 0.27

    Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later…