Uncontrolled format string is a type of code injection vulnerability discovered around 1989 that can be used in security exploits.
External links
- Introduction to format string exploits 2013-05-02, by Alex Reece
- scut / team-TESO, Exploiting Format String Vulnerabilities, v1.2, 2001-09-09
- WASC Threat Classification - Format String Attacks
- CERT Secure Coding Standards
- CERT Secure Coding Initiative
- Known vulnerabilities at MITRE's CVE project.
- Secure Programming with GCC and GLibc (2008), by Marcel Holtmann
