Format String Error
- Risk:
Medium
- Type:
- Active
- CWE:
- CWE-134
- Summary
A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.
- Solution
Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.
- Other info
- Potential Format String Error. The script closed the connection on a /%s
Genetic data site openSNP to close and delete data over privacy concerns
Verizon Call Filter API flaw exposed customers' incoming call history
GitHub expands security tools after 39 million secrets leaked in 2024
Royal Mail investigates data leak claims, no impact on operations
Police shuts down KidFlix child sexual exploitation platform
The Reality Behind Security Control Failures—And How to Prevent Them
Counterfeit Android devices found preloaded With Triada malware
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalContent-Type Header Missing
InformationalServer Leaks its Webserver Application via "Server" HTTP Response Header Field
HighPath Traversal
MediumFormat String Error
CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy
CWE-1420 Exposure of Sensitive Information during Transient Execution
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE-214 Invocation of Process Using Visible Sensitive Information
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-1386 Insecure Operation on Windows Junction / Mount Point
Free online web security scanner