CyberGlossary

Vulnerabilities

Format String Vulnerability

Also known as: printf format bug

Definition

A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory.

Format-string bugs occur when a developer writes printf(user_input) instead of printf("%s", user_input). Specifiers such as %x leak stack memory, %s dereferences arbitrary pointers, and %n writes the number of bytes printed so far to a memory address — yielding arbitrary read/write primitives. Classic exploitation targets GOT/PLT entries, function pointers, or stack canaries. Modern toolchains warn (-Wformat-security, FORTIFY_SOURCE), and many languages forbid the pattern, but the bug still appears in legacy C, embedded firmware, and shells. Defences are mechanical: never pass untrusted input as a format string, and prefer typed formatters such as fmtlib, Rust's println!, or Go's fmt with explicit verbs.
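The two patterns named above side by side, as an added example that is not part of the glossary entry: a vulnerable logging helper that hands the caller's string to printf as the format, its hardened twin with a fixed format and the input as an argument, a bounded snprintf variant that returns -1 on truncation, and a small audit helper that counts conversion specifiers in a string that is about to be used as a format. All function names and the "user said:" prefix are assumptions made for this example; the pragma exists only so the deliberately vulnerable function compiles cleanly next to the fixed one.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (example code, kept only for contrast): the caller's
 * string becomes the format, so %x, %s and %n in it are interpreted.
 * Without the pragma, gcc/clang -Wformat-security flags this line. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
void log_message_vulnerable(const char *user_input) {
    printf(user_input);
}
#pragma GCC diagnostic pop

/* Hardened pattern: the format is a literal, the input is a plain argument,
 * so any %-sequences in user_input are printed verbatim. */
void log_message_safe(const char *user_input) {
    printf("%s\n", user_input);
}

/* Bounded variant of the safe idiom: formats into a caller-supplied buffer.
 * Returns the number of bytes written (excluding the NUL) or -1 if the
 * output would not fit, so a too-small buffer is an error, not a truncation. */
int render_safe(char *out, size_t out_len, const char *user_input) {
    int n = snprintf(out, out_len, "user said: %s", user_input);
    if (n < 0 || (size_t)n >= out_len) return -1;
    return n;
}

/* Audit helper: counts '%' conversion specifiers in a string that is about
 * to be used as a format. A literal "%%" counts as none. Anything above zero
 * in data that came from outside the program is a reason to reject the
 * call or switch it to the "%s" form. */
int count_conversions(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* escaped percent, skip both */
        count++;
    }
    return count;
}

/* Self-check used by main and by the verifier: returns 1 when the safe
 * renderer leaves specifiers uninterpreted and rejects an undersized buffer. */
int render_safe_demo(void) {
    const char *hostile = "%x%x%n";  /* constructed sample input */
    char buf[64];
    char small[8];
    int n = render_safe(buf, sizeof buf, hostile);
    if (n != (int)strlen("user said: %x%x%n")) return 0;
    if (strcmp(buf, "user said: %x%x%n") != 0) return 0;
    if (render_safe(small, sizeof small, hostile) != -1) return 0;
    return 1;
}

int main(void) {
    const char *field = "login from 10.0.0.1 %x%x";  /* constructed sample input */
    printf("conversions in untrusted field: %d\n", count_conversions(field));
    log_message_safe(field);              /* prints the %x sequences literally */
    printf("render_safe_demo: %s\n", render_safe_demo() ? "ok" : "FAIL");
    /* log_message_vulnerable(field) is deliberately never called here. */
    return 0;
}
```

The same split applies to syslog: `syslog(LOG_INFO, field)` is the vulnerable shape from the router example, `syslog(LOG_INFO, "%s", field)` the fixed one. Compiling the block with -Wformat-security (and -Werror) without the pragma is the cheapest regression test for the pattern across a code base.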

Examples

  • CVE-2000-0573 (wu-ftpd) — site exec format-string remote root.
  • Embedded routers that log directly to syslog with attacker-controlled fields.

Related terms