Format string vulnerability from externally controlled format argument

ID

c.format_string.format_string_bugs

Severity

high

Resource

Format String

Language

C / C++

Description

The software uses a function that accepts a format string as an argument, but the format string originates from an external source. This can lead to buffer overflows, denial of service, or data representation problems.

Rationale

The software uses a function from the printf family that accepts a format string as an argument, but the format string originates from an external source (user input, a file, a network message) rather than being a constant in the code. Every conversion specifier in attacker-controlled data is then honoured: %x and %p read values off the stack and disclose memory contents, %s dereferences a stack value as a pointer and can crash the process, and %n writes the number of bytes emitted so far to a pointer taken from the stack, which turns the bug into an arbitrary memory write. Even without a deliberate attack, a stray % in user data produces malformed output or a crash.

The following code illustrates a vulnerable pattern detected by this rule:

#include <stdio.h>

#define BUFSIZE 256

void build_string(char *string)
{
	char buf[BUFSIZE];

	// VULNERABLE: Format string vulnerability from externally controlled format argument
	// `string` comes from the caller and is used as the format itself, so any conversion
	// specifier it contains (%x, %s, %n, ...) is interpreted by snprintf.
	snprintf(buf, BUFSIZE, string);
}

Remediation

Never pass externally supplied data as the format argument. Use a constant format string and pass the external data as a conversion argument, i.e. snprintf(buf, BUFSIZE, "%s", string) instead of snprintf(buf, BUFSIZE, string). The same rule applies to the whole printf family (printf, fprintf, sprintf, vsnprintf, syslog and logging wrappers built on them). If the format genuinely has to vary, select it from a fixed table of compile-time literals rather than building it from input. Compile with -Wformat -Wformat-security (or -Werror=format-security) so that calls with a non-literal format string and no arguments are flagged at build time.
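The following is an added example, not code from the rule's own documentation: the vulnerable pattern above next to its fixed form, plus two small checks showing that the fixed form copies attacker-style input such as "%x %x %n" literally instead of interpreting it and truncates over-long input without overflowing. The function names, the BUFSIZE value and the constructed inputs are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 64

/* Vulnerable: the caller's data is used as the format string.
 * Compilers warn about this with -Wformat-security; it is kept here
 * only to show the pattern side by side with the fix. */
void build_string_vulnerable(char *buf, const char *string)
{
	snprintf(buf, BUFSIZE, string);
}

/* Fixed: constant format, the external data is a conversion argument
 * and any '%' it contains is treated as plain text. */
void build_string_fixed(char *buf, const char *string)
{
	snprintf(buf, BUFSIZE, "%s", string);
}

/* Returns 1 if the fixed routine reproduced the input byte for byte
 * (up to the buffer size), 0 otherwise. Safe to call with inputs that
 * would be dangerous as a format string, because they never become one. */
int fixed_preserves_input(const char *input)
{
	char buf[BUFSIZE];
	build_string_fixed(buf, input);
	return strncmp(buf, input, BUFSIZE - 1) == 0;
}

/* Returns 1 if an over-long constructed input is truncated to BUFSIZE-1
 * characters and NUL-terminated, i.e. no overflow of the destination. */
int fixed_truncates_safely(void)
{
	char input[200];
	char buf[BUFSIZE];

	memset(input, 'A', sizeof(input) - 1);   /* constructed input: 199 x 'A' */
	input[sizeof(input) - 1] = '\0';

	build_string_fixed(buf, input);
	return strlen(buf) == BUFSIZE - 1 && buf[BUFSIZE - 1] == '\0';
}

int main(void)
{
	/* Constructed attacker-style input: harmless once it is an argument, not a format. */
	const char *hostile = "%x %x %x %n";
	char buf[BUFSIZE];

	build_string_fixed(buf, hostile);
	printf("fixed form output : %s\n", buf);
	printf("input preserved   : %d\n", fixed_preserves_input(hostile));
	printf("safe truncation   : %d\n", fixed_truncates_safely());
	return 0;
}
```

The vulnerable routine is never called with the hostile string here: doing so would make snprintf read stack slots for the %x specifiers and attempt a write through a stack value for %n, which is undefined behaviour. The point of the fixed routine is that the same bytes reach the buffer as data only.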

Configuration

This detector does not need any configuration.