Format String Vulnerability
What is Format String Vulnerability?
Format String Vulnerability: A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory.
Format-string bugs occur when a developer writes printf(user_input) instead of printf("%s", user_input). Specifiers such as %x leak stack memory, %s dereferences arbitrary pointers, and %n writes the number of bytes printed so far to a memory address, which together yield arbitrary read and write primitives. Classic exploitation targets GOT/PLT entries, function pointers, or stack canaries. Modern toolchains warn (-Wformat-security, FORTIFY_SOURCE), and many languages forbid the pattern, but the bug still appears in legacy C, embedded firmware, and shell scripts. Defences are mechanical: never pass untrusted input as a format string, and prefer typed formatters such as fmtlib, Rust's println!, or Go's fmt with explicit verbs.
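The vulnerable and hardened patterns side by side, plus two defensive helpers, as an added example that is not part of the original page: the function names, the escaping helper and the sample attacker string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Vulnerable pattern (reference only; never call with untrusted data):
 *     printf(user_input);        untrusted bytes become the format string
 * Hardened pattern:
 *     printf("%s", user_input);  untrusted bytes are plain data           */

/* Render an untrusted string into a fixed buffer as data, never as a format.
 * Returns the length snprintf would have written (snprintf semantics).      */
int log_untrusted(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

/* Double every '%' so the string survives a legacy API that insists on
 * interpreting its argument as a format. Returns 0, or -1 if out is too small. */
int escape_percent(char *out, size_t outsz, const char *in)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        size_t need = (in[i] == '%') ? 2 : 1;
        if (o + need >= outsz) return -1;        /* keep room for the NUL */
        out[o++] = in[i];
        if (in[i] == '%') out[o++] = '%';
    }
    out[o] = '\0';
    return 0;
}

/* Detection helper: count conversion directives in a string about to be used
 * as a format. "%%" is a literal percent, not a directive. Usable as a runtime
 * assertion on log input or inside review tooling.                          */
int count_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }  /* skip escaped percent */
        n++;
    }
    return n;
}

int main(void)
{
    const char *attacker = "%x %x %n";           /* constructed sample input */
    char buf[64];
    log_untrusted(buf, sizeof buf, attacker);
    printf("as data: %s (directives seen: %d)\n", buf, count_directives(attacker));
    escape_percent(buf, sizeof buf, attacker);
    printf("escaped: %s (directives left: %d)\n", buf, count_directives(buf));
    return 0;
}
```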
● Examples
1. CVE-2000-0573 (wu-ftpd): a format-string bug in the SITE EXEC command that gave remote root.
2. Embedded routers that log attacker-controlled fields directly to syslog as the format string.
● Frequently asked questions
What is Format String Vulnerability?
A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory. It belongs to the Vulnerabilities category of cybersecurity.
What does Format String Vulnerability mean?
A flaw caused by passing user-controlled input as the format string of printf-like functions, allowing attackers to read or write arbitrary memory.
How do you defend against Format String Vulnerability?
Defences for Format String Vulnerability combine technical controls and operational practices: never pass untrusted input as a format string (use a fixed format such as "%s" and supply the input as an argument), enable compiler and library checks such as -Wformat-security and FORTIFY_SOURCE, and prefer typed formatters where the language offers them, as detailed in the full definition above.
What are other names for Format String Vulnerability?
Common alternative names include: printf format bug.