...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT Oracle Secure Coding Standard for Java | IDS06-J. Exclude unsanitized user input from format strings | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Perl Secure Coding Standard | IDS30-PL. Exclude user input from format strings | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Injection [RST] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Including tainted or out-of-domain input in a format string [usrfmt] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-134, Uncontrolled Format String | 2017-05-16: CERT: Exact |
| CWE 2.11 | CWE-20, Improper Input Validation | 2017-05-17: CERT: Rule subset of CWE |
Bibliography
| [IEEE Std 1003.1:2013] | XSH, System Interfaces, syslog |
| [Seacord 2013b] | Chapter 6, "Formatted Output" |
| [Viega 2005] | Section 5.2.23, "Format String Problem" |
...