CWE-134
Use of Externally-Controlled Format String
BaseDraftLikelihood: High
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-135 · CAPEC-67
CVEs mapped to this weakness (204)
page 9 of 11| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-6395 | 0.00 | — | 0.01 | Mar 4, 2009 | The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request. | ||
| CVE-2009-0601 | 0.00 | — | 0.00 | Feb 16, 2009 | Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. | ||
| CVE-2008-3940 | 0.00 | — | 0.00 | Sep 5, 2008 | Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. | ||
| CVE-2008-2310 | 0.00 | — | 0.01 | Jul 1, 2008 | Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | ||
| CVE-2008-0963 | 0.00 | — | 0.04 | Apr 14, 2008 | Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | ||
| CVE-2008-1658 | 0.00 | — | 0.00 | Apr 11, 2008 | Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password. | ||
| CVE-2008-1705 | 0.00 | — | 0.05 | Apr 9, 2008 | Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | ||
| CVE-2008-1333 | 0.00 | — | 0.03 | Mar 20, 2008 | Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function. | ||
| CVE-2008-0989 | 0.00 | — | 0.00 | Mar 18, 2008 | Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | ||
| CVE-2008-1206 | 0.00 | — | 0.06 | Mar 8, 2008 | Format string vulnerability in the log_message function in lks.c in Linux Kiss Server 1.2, when background (daemon) mode is disabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in an invalid command. | ||
| CVE-2008-1120 | 0.00 | — | 0.01 | Mar 3, 2008 | Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation. | ||
| CVE-2008-0945 | 0.00 | — | 0.01 | Feb 25, 2008 | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field. | ||
| CVE-2007-6625 | 0.00 | — | 0.04 | Jan 4, 2008 | The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan. | ||
| CVE-2007-4708 | 0.00 | — | 0.03 | Dec 19, 2007 | Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | ||
| CVE-2007-6183 | 0.00 | — | 0.03 | Nov 30, 2007 | Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. | ||
| CVE-2007-3880 | 0.00 | — | 0.00 | Nov 14, 2007 | Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. | ||
| CVE-2007-5396 | 0.00 | — | 0.03 | Nov 10, 2007 | Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who). | ||
| CVE-2007-5825 | 0.00 | — | 0.05 | Nov 5, 2007 | Format string vulnerability in the ws_addarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line. | ||
| CVE-2007-5545 | 0.00 | — | 0.02 | Oct 18, 2007 | Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||
| CVE-2007-5561 | 0.00 | — | 0.04 | Oct 18, 2007 | Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure. |