Uncontrolled format string is a type of software vulnerability, discovered around 1999, that can be used in security exploits. Previously thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf and similar functions to write the number of bytes formatted to an address stored on the stack.
Read more about Uncontrolled Format String: Details, Prevention
Famous quotes containing the word string:
“Amongst the learned the lawyers claim first place, the most self-satisfied class of people, as they roll their rock of Sisyphus and string together six hundred laws in the same breath, no matter whether relevant or not, piling up opinion on opinion and gloss on gloss to make their profession seem the most difficult of all. Anything which causes trouble has special merit in their eyes.”
—Desiderius Erasmus (c. 1466–1536)