SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 154

changes.mady.by.user Lisa Robertson

Saved on

compared with

New Version 155

changes.mady.by.user Unknown User (lflynn)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: mapping

...

CERT Oracle Secure Coding Standard for JavaIDS06-J. Exclude unsanitized user input from format strings
CERT Perl Secure Coding StandardIDS30-PL. Exclude user input from format strings
ISO/IEC TR 24772:2013Injection [RST]
ISO/IEC TS 17961:2013Including tainted or out-of-domain input in a format string [usrfmt]
MITRE CWE

CWE-134, Uncontrolled Format String

CWE-20, Improper Input Validation

Bibliography

[IEEE Std 1003.1:2013]XSH, System Interfaces, syslog
[Seacord 2013b]Chapter 6, "Formatted Output"
[Viega 2005]Section 5.2.23, "Format String Problem"

...