...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID FIO30-CPP. Exclude user input from format strings |
| CERT Oracle Secure Coding Standard for Java | IDS06-J. Exclude unsanitized user input from format strings |
| CERT Perl Secure Coding Standard | IDS30-PL. Exclude user input from format strings |
| ISO/IEC TR 24772:2013 | Injection [RST] |
| ISO/IEC TS 17961:2013 | Including tainted or out-of-domain input in a format string [usrfmt] |
| MITRE CWE | CWE-134, Uncontrolled Format String |
...