CWE-134
Weakness ID:134(Weakness Base)
Status: Draft
ソスソスソスソスソスソスソスソスソスソスフ厄ソスソス
ソスソスソス
ソスソスソスソスvソスソス
ソス{ソスニ弱性ソスソスソスソスソスンゑソスソスソス\ソスtソスgソスEソスFソスAソスヘ、printf ソスnソスソスフ関撰ソスソスノ外ソスソスソスソスソス逅ァソスソスツ能ソスネ擾ソスソスソスソスソスソスソスソスソスソスソスgソスpソスソスソストゑソスソスワゑソスソスBソスソスソスフ関撰ソスソスヘ、ソスoソスbソスtソス@ソスIソス[ソスoソス[ソスtソスソスソス[ソスソスfソス[ソス^ソス\ソスソスソスフ厄ソスソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB
ソスニ弱性ソスフ費ソスソスソスソスソスソスソス
ソスソスソスソス
ソスYソスソスソスソスソスソスvソスソスソスbソスgソスtソスHソス[ソスソス
ソスソスソスソス
C ソスソスソスソス
C++
Perl ソスiソスpソスxソスソスj
ソスソスソスソスソスソスソスソスソスソスソスソスTソス|ソス[ソスgソスソスソス骭セソスソス
ソスニ弱性ソスフ費ソスソスソスソスソス
ソスワゑソスノ、ソスソスソス[ソスUソスフ難ソスソスヘゑソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスニゑソスソスト茨ソスソスソスソスvソスソスソスOソスソスソスソスソスソスソスソスソスンゑソスソスワゑソスソスBソス{ソスニ弱性ソスヘ、ソスソスソスソスソスソスソスソスソスが指ソス閧ウソスソストゑソスソスネゑソスソスソスソスOソスソスソスbソスZソス[ソスWソスソスソス\ソスzソスソスソスソスRソス[ソスhソスソスソスノ頻ソスノに費ソスソスソスソスソスソスワゑソスソスB
ソスnソス謇サソス竝托ソスロ会ソスソスソスソスフ場合ソスノは、ソスソスソスソスナ有ソスフソスソスbソスZソス[ソスWソスフソスソス|ソスWソスgソスソスソスソスソスUソスソスソスソスiソスニゑソスソスト使ソスpソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスソスソスソスソスソス ソスソスソス|ソスWソスgソスソスソスフ撰ソスソスソスノゑソスソスAソスUソスソスソスメはソスソスbソスZソス[ソスWソスソスソスAソスソスソスソスソスAソスRソスソスソスeソスソスソスcソスフ会ソスソスソスソスソスソスソスツ能ソスナゑソスソス驍スソス゚、ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスヘ托ソスソスフ脆弱性ソスフ鯉ソスソスハとゑソスソスト費ソスソスソスソスソスソスワゑソスソスB
ソスソスハ的ソスネ影ソスソス
| ソスeソスソスソスソスソスけゑソスヘ茨ソス | ソスeソスソス |
|---|---|
| ソス@ソスソスソスソス | ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスヘ、ソスvソスソスソスOソスソスソスソスソスヨの攻ソスソスソスソスPソスソスソスソスソスソスソスソスlソスネ擾ソスソスフ開ソスソスソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB |
| ソスAソスNソスZソスXソスソスソスソス | ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスノゑソスソスAソスCソスモのコソス[ソスhソスソスソスソスソスsソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB |
ソスUソスソスソスソスソスけゑソスツ能ソスソス
ソスソスソスノ搾ソスソスソス
ソスソスソスoソスソスi
ソスソスソスソスソステ的ソスソスソスソス
ソス{ソスニ弱性ソスヘ趣ソスソスソスソステ的ソスソスソスヘにゑソスソスソスト鯉ソスソスoソスソスソスツ能ソスナゑソスソスBソスナ近のツソス[ソスソスソスフ托ソスソスソスソスヘ、ソスtソスHソス[ソスソスソスXソス|ソスWソスeソスBソスuソスソスソスナ擾ソスソスソスソスソスソス驍スソス゚に、ソスfソス[ソス^ソスtソスソスソス[ソスソスソスヘや制ソスソスxソス[ソスXソスフ技ソスpソスソスソスgソスpソスソスソストゑソスソスワゑソスソスB
ソスuソスソスソスbソスNソス{ソスbソスNソスX:
ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスヘ、ソスノめて抵ソスソスソスソスソスソスソス (ソスGソスソスソス[ソスソスソスbソスZソス[ソスWソスフソスソスOソス謫セソスソス) ソスナ費ソスソスソスソスソスソスソス鼾ソスソスソスソスソスソスソスソスソス゚、ソスuソスソスソスbソスNソス{ソスbソスNソスXソスソスソスソスソスノゑソス骭滂ソスmソスヘ搾ソスソスソスナゑソスソスBソスソスソスン的ソスネ厄ソスソスフ托ソスソスソスソスヘ、ソス\ソス[ソスXソスRソス[ソスhソス笂ッソスソスソスフソソス[ソスXソスノ関連ソスソスソスネゑソスソスAソスソスソスsソスtソス@ソスCソスソスソスノ托ソスソスンゑソスソスソスXソスソスソスノゑソスソスソスワゑソスソスB
ソスLソスソスソスソスソスFソスソスソスソスI
ソスニ趣ソスネコソス[ソスhソスソス
ソスソス 1:
ソスネ会ソスソスフ暦ソスヘ、printWrapper() ソスヨ撰ソスソスフ抵ソスソスナ、printf() ソスソスソストび出ソスソスソスソスソス゚に攻ソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスiソスUソスソスソスソスPソスソスソスソスソスソスソス驍スソス゚、ソスXソス^ソスbソスNソスoソスbソスtソス@ソス[ソスソスソスヌ会ソスソスソスソスソスワゑソスソスソスソスBソスj
ソスTソスソスソスvソスソスソスソスソスソスF C ソスiソスソスソスソスソスソスj
#include <stdio.h>
void printWrapper(char *string) {
printf(string);
}
int main(int argc, char **argv) {
char buf[5012];
memcpy(buf, argv[1], 5012);
printWrapper(argv[1]);
return (0);
}
ソスソス 2:
ソスネ会ソスソスフ暦ソスヘ、snprintf()ソス利用ソスソスソストコソス}ソスソスソスhソスソスソスCソスソスソスフ茨ソスソスソスソスソスソスoソスbソスtソス@ソスノコソスsソス[ソスソスソスワゑソスソスB
ソスTソスソスソスvソスソスソスソスソスソスF C ソスiソスソスソスソスソスソスj
int main(int argc, char **argv){
char buf[128];
...
snprintf(buf,128,argv[1]);
}
ソスソスソスフコソス[ソスhソスナは、ソスUソスソスソスメゑソスソスXソス^ソスbソスNソスフ難ソスソスeソスソスソス{ソスソスソスソスソスAソスソスソスソスソスwソスソスqソスソスソスワむコソス}ソスソスソスhソスソスソスCソスソスソスフ茨ソスソスソスソスソスソスgソスpソスソスソストスソス^ソスbソスNソスノ擾ソスソスソスソスソスソズゑソスソスニゑソスソスツ能ソスナゑソスソスBソスu%xソスv ソスネどの擾ソスソスソスソスwソスソスqソスソスソスAソスヨ撰ソスソスソスソスvソスソスソスソスソスソスネ擾ソスノ難ソスソスヘゑソスソス驍アソスニで、ソスXソス^ソスbソスNソスフ難ソスソスeソスソスヌみ趣ソス驍アソスニゑソスソスツ能ソスナゑソスソスB(ソスソスソスフ暦ソスナは、ソスヨ撰ソスソスヘ擾ソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスけ趣ソスソスソストゑソスソスワゑソスソスソスB)
ソスUソスソスソスメは「%nソスvソスソスソスgソスpソスソスソスAsnprintf() ソスノゑソス閧アソスソスワでの出ソスヘバソスCソスgソスソスソスソスソスwソス閧ウソス黷スソスソスソスソスソスノ擾ソスソスソスソスソスソスンなゑソスソスソスAソスXソス^ソスbソスNソスノ擾ソスソスソスソスソスソズ可能ソスソスソスソスソスソスソスソスワゑソスソスBソスソスソスソスヘ、ソスソスソスソスソスソスソスソスlソスソスヌみ搾ソスソズとゑソスソスソスソスAソスzソス閧ウソス黷スソスソスソスソスニは異なゑソスソスソスフでゑソスソスB ソスIソスソスソスネ趣ソスソスソスナは、ソスXソス^ソスbソスNソスソスフポソスCソスソスソス^ソスlソスソスソスソスソスSソスノ撰ソスソス艪キソス驍スソス゚に、4 ソスoソスCソスgソスソスソスソスソス轤オソスト擾ソスソスソスソスソスソスンまゑソスソスB
ソスソス 3:
ソスソスソスソスソスノゑソスソスソストは、ソスソスソスソスソスソスソスフ位置ソス制御すソス髀托ソスソスソスwソスソスqソスノゑソスソスAソスソスソスソスソスソスソスソスヌみ擾ソスソスソスソスソスソスソスUソスソスソスソスソスソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスワゑソスワゑソスソスBソスソスソスソスソスwソスソスqソスフ暦ソスニゑソスソスソス glibc ソスナ記ソスqソスソスソス黷スソスネ会ソスソスフコソス[ソスhソスソスソスソスソスソスソスワゑソスソスB
ソスTソスソスソスvソスソスソスソスソスソスF C ソスiソスソスソスソスソスソスj
printf("%d %d %1$d %1$d¥n", 5, 9);
ソスソスソスフコソス[ソスhソスヘ、 ソスu5 9 5 5ソスv ソスニ出ソスヘゑソスソスソスワゑソスソスBソスワゑソスソスAhalf-writes (%hn) ソスソスソスgソスpソスソスソストゑソスソスAソスソスソスソスソスソスソスソスソスフ任ソスモゑソス DWORDS ソス正確ソスノ撰ソスソス艪キソス驍アソスニゑソスソスツ能ソスナゑソスソスBソスソスソスフゑソスソスニにゑソスソスAソスソス1ソスフ様ソスネ、4 ソスoソスCソスgソスソスソスソスソス轤オソスト擾ソスソスソスソスソスソズ必ソスvソスフゑソスソスソスUソスソスソスソスPソスソスソスソスソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB
ソスソスソスソスソスソスソス黷スソスソスソスソス
| ソスQソスソス | ソスレ搾ソス |
|---|---|
| CVE-2002-1825 | format string in Perl program |
| CVE-2001-0717 | format string in bad call to syslog function |
| CVE-2002-0573 | format string in bad call to syslog function |
| CVE-2002-1788 | format strings in NNTP server responses |
| CVE-2007-2027 | Chain: untrusted search path enabling resultant format string by loading malicious internationalization messages |
ソスソスQソスフ緩和ソスソス
ソスtソスFソス[ソスY:ソスvソスソスソスソス`
ソス{ソスニ弱性ソスフ影ソスソスソスソスソスけなゑソスソスソスソスソスソスソスgソスpソスソスソスト会ソスソスソスソスソスソスB
ソスtソスFソス[ソスY:ソスソスソスソス
ソスSソストの擾ソスソスソスソスソスソスソスソスソスヨ撰ソスソスソスソスAソスソスソス[ソスUソスソスソスソスソスソスナゑソスソスネゑソスソステ的ソスネ包ソスソスソスソスソスナゑソスソスソスAソスソスソスフ擾ソスAソスソスソスフ関撰ソスソスノ適ソスリな撰ソスソスフ茨ソスソスソスソスソスソスnソスソスソスソストゑソスソス驍アソスニゑソスソスmソスFソスソスソスト会ソスソスソスソスソスソスBソスツ能ソスネゑソスホ、ソスソスソスソスソスソスソスソスソスソスノゑソスソスソスソスソス ソスu%nソスv ソスソスソスTソス|ソス[ソスgソスソスソスネゑソスソスヨ撰ソスソスソスソスgソスpソスソスソスト会ソスソスソスソスソスソスB
ソスrソスソスソスhソスFソスsソスKソスリな使ソスpソスソスソスxソスソスソスソスソストゑソスソスソスツ能ソスソスソスソスソスソスソス驍スソス゚、ソスRソスソスソスpソスCソスソスソスソスソスソスムソスソスソスソスJソス[ソスフ警ソスソスソスノ抵ソスソスモゑソスソスト会ソスソスソスソスソスソスB
ソスソスソスフ托ソスソスフ補足
ソスソスソスソスソスソスソスソスソスソスフ脆弱性ソスヘ、ソスソスハ的ソスノバソスbソスtソス@ソスIソス[ソスoソス[ソスtソスソスソス[ソスフカソスeソスSソスソスソスノ包ソスソズゑソスソスソスワゑソスソスソスソスAソスソスソスソスソスノはバソスbソスtソス@ソスヘオソス[ソスoソス[ソスtソスソスソス[ソスソスソストゑソスソスワゑソスソスソスB
ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスノゑソスソスソスソスソスニ弱性ソスヘ、ソスソスrソスIソスVソスソスソスソスソスソスソスナゑソスソスソス (1999ソスソス) ソスAソスツ変茨ソスソスソスソスソスソスけ趣ソスソスヨ撰ソスソスソスソスAソスけ趣ソスソスソスソスソスソスソスソスソスフ撰ソスソスソスソスmソスFソスソスソス骭サソスソスソスIソスネ趣ソスiソスソスソスソスソスンゑソスソスネゑソスソスソスソスニに起ソスソスソスソスソスワゑソスソスBCソスソスソスソスフソスソスソスソス^ソスCソスソスソスヨ撰ソスソスソスソスワめ、ソスツ変茨ソスソスソスソスソスソスけ趣ソスソスヨ撰ソスソスフ抵ソスソスナ最ゑソスソスソスハ的ソスネゑソスソスフは、 printf() ソスnソスソスナゑソスソスB
ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスヘ様ソスXソスネ形ソスナ鯉ソスソスソスワゑソスソスB
ソスソスソスソスソスwソスソスqソスフなゑソス *printf() ソスRソス[ソスソスソスヘ危険ソスナゑソスソスソスAソスUソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソス痰ヲソスホ、ソスソスソスソスソスRソスソスソスeソスLソスXソスgソスノゑソスソスソスソスト、printf(y,input); ソスヘ攻ソスソスソスソスソスソス驍アソスニゑソスソスソスソスソスワゑソスソスが、printf(input); ソスノは攻ソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB printf(input); ソスRソス[ソスソスソスソスソスsソスソスソスノ暦ソスソスpソスソスソス黷スソスソスソスハ、ソスソスソスヘ包ソスソスソスソスソスヘ擾ソスソスソスソスwソスソスqソスニゑソスソスト使ソスpソスソスソスソス驍スソス゚、ソスUソスソスソスメにスソス^ソスbソスNソスソスソスソスソスソスソスソス`ソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスcソスソスソスソスソスpソスソスソスソスソス[ソス^ソスヘスソス^ソスbソスNソスソスソスソスソスソスソスソスoソスソスソスソス驍スソス゚、ソスUソスソスソスメは擾ソスソスソスソスwソスソスqソスニ具ソスソスノ難ソスソスヘ包ソスソスソスソスソスソスソスlソス゚搾ソスソスン、ソスXソス^ソスbソスNソスフ値ソスソスヌみ趣ソスソスnソス゚まゑソスソスBソスナ茨ソスソスフ場合ソスノは、ソスソスソスフ不ソスソスソスソスソスpソスノゑソスソスAソスCソスモの値 (ソスワゑソスソスヘ攻ソスソスソスvソスソスソスOソスソスソスソスソスフ擾ソスソスソスソスニなゑソスl) ソスソスソスメ難ソスソスソスソスフプソスソスソスOソスソスソスソスソスフソスソスソスソスソスソスノ擾ソスソスソスソスソスソズ撰ソスソスソスソス^ソスソスソストゑソスソスワゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB
ソスソスハ的ソスノ、ソスUソスソスソスホ象となゑソスフはフソス@ソスCソスソスソスソスソスAソスvソスソスソスZソスXソスソスソスAソスソスソスハ子ソスナゑソスソスB
ソスソスソスソスソスソスソスソスソスソスフ厄ソスソスヘ、C/C++ソスソスソスソスノゑソスソスソスソスソスソスソスmソスフ脆弱性ソスナゑソスソスソスAソスeソスユに鯉ソスソスmソスナゑソスソス驍アソスニゑソスソスソスソスソスソスト鯉ソスソスンはほとゑソスヌ托ソスソスンゑソスソスワゑソスソスソスBソスソスソスソスソスソスソスソスソスソスフ厄ソス閧ェソスUソスソスソスソスソスけゑソスソスネ鯉ソスソスソスソスフ茨ソスツゑソス ソスu%nソスv ソスフ擾ソスソスソスソスwソスソスqソスノゑソスソスソスワゑソスソスBソスu%nソスvソスヘ、ソスソスソスソスソスノゑソスソスソスト指ソス閧ウソス黷スソスソスソスソスソスソスソスノ対ゑソスソスAソスソスソスソスワでに擾ソスソスソスソスソスソスソスソスソスノゑソスソスソスト表ソスソスソスソスソス黷スソスソスソスソスソスソスソスソスソスソスソスソスソスソスソスンまゑソスソスBソスソスソスソスソスソスソスソスソスソスソスソスIソスソスソスノ撰ソスソスソスソスソスソス驍アソスニで、ソスソスソスモゑソスソス驛ソス[ソスUソスヘスソス^ソスbソスNソスフ値ソス利用ソスソスソスソス write-what-where condition (CWE-123) ソスソスソスソスソスソスソスNソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB
ソスワゑソスソスAソスソスソスフ擾ソスソスソスソスwソスソスqソスソスソスソスソスlソスノ攻ソスソスソスノ使ソスpソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソス痰ヲソスホ、ソスu%9999sソスvソスフ擾ソスソスソスソスwソスソスqソスヘ、ソスoソスbソスtソス@ソスIソス[ソスoソス[ソスtソスソスソス[ソスフ誘ソスソスソスソスAfprintf ソスフ様ソスネフソス@ソスCソスソスソスtソスHソス[ソス}ソスbソスgソスヨ撰ソスソスナ使ソスpソスソスソス黷スソス鼾ソスAソス\ソスソスソスソスソスソスソスソスソスソスソス蛯ォソスネ出ソスヘを生撰ソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB
ソスソスソスソスソスノゑソスソスソスソス髑シソスフ脆弱性ソスニの依托ソスソスヨ係
| ソスヒ托ソスソスヨ係 | ソスレ搾ソス |
|---|---|
| ソスニ暦ソスソスI | ソスソスソスフ脆弱性ソスフ有ソスソスソスノ関係ソスソスソスソスソスAソスニ暦ソスソスソスソスト費ソスソスソス |
ソスヨ係ソスソス
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Weakness Class | 20 | Improper Input Validation | Seven Pernicious Kingdoms (primary)700 |
| ChildOf | Weakness Class | 74 | Failure to Sanitize Data into a Different Plane (aka 'Injection') | Development Concepts (primary)699 |
| Research Concepts (primary)1000 | ||||
| ChildOf | Category | 133 | String Errors | Development Concepts699 |
| ChildOf | Category | 633 | Weaknesses that Affect Memory | Resource-specific Weaknesses (primary)631 |
| ChildOf | Category | 726 | OWASP Top Ten 2004 Category A5 - Buffer Overflows | Weaknesses in OWASP Top Ten (2004) (primary)711 |
| ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734 |
| ChildOf | Category | 808 | 2010 Top 25 - Weaknesses On the Cusp | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors(primary)800 |
| PeerOf | Weakness Base | 123 | Write-what-where Condition | Research Concepts1000 |
| MemberOf | View | 630 | Weaknesses Examined by SAMATE | Weaknesses Examined by SAMATE (primary)630 |
| MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary)635 |
ソスvソスソスソスソスソスソスソスソス ソスiCWE ソスフ鯉ソスソスソスソスj
Cソスソスソスソスネ外ソスフ鯉ソスソスソスノゑソスソスソスソス髀托ソスソスソスソスソスソスソスソスフ厄ソスソスヘ抵ソスソスソスソスソスソスナゑソスソスBソスソスソスソスソスソスソスワゑソスソスヘデソスBソスXソスNソスソスソスソスAソスRソスソスソスgソスソスソス[ソスソスソスソスソスソスAソスfソス[ソス^ソスjソスソスソスヘ、PerlソスA PHPソスAPython ソスネどゑソス Cソスソスソスソス ソスネ外ソスフ鯉ソスソスソスナ擾ソスソスソスソス黷スソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスノゑソスソスソスソス髀托ソスソスソスソスソスソスソスソスフ攻ソスソスソスフ要ソスソスソスニなゑソスワゑソスソスB
ソスeソスソスソスソスソスけゑソスVソスXソスeソスソスソスソスソス\ソス[ソスX
ソスソスソスソスソスソス
ソス@ソス\ソスソスソスソス
ソスソスソスOソスフ取得
ソスGソスソスソス[
ソスソスハ的ソスネアソスEソスgソスvソスbソスg
ソスソスソスソスソスフ撰ソスソスソス
ソスsソスソスソスmソスiソスJソスソスソスメの行ソスソスソスフ鯉ソスソスハにゑソスソスネゑソスソスニ弱性ソスj
ソスソスソスgソスDソスナの包ソスソスソス
| ソスgソスDソスソスソスワゑソスソスヘ組ソスDソスナの包ソスソスソス | ソスmソス[ソスh ID | CWEソスフ包ソスソズとの適ソスソスソスx | ソスソスソズ厄ソス |
|---|---|---|---|
| PLOVER | Format string vulnerability | ||
| 7 Pernicious Kingdoms | Format String | ||
| CLASP | Format string problem | ||
| CERT C Secure Coding | FIO30-C | Exact | Exclude user input from format strings |
| OWASP Top Ten 2004 | A1 | CWE More Specific | Unvalidated Input |
| CERT C Secure Coding | FIO30-C | Exclude user input from format strings | |
| WASC | 6 | Format String |
ソスヨ連ソスソスソスソスUソスソスソスpソス^ソス[ソスソス
| CAPEC-ID | ソスUソスソスソスpソス^ソス[ソスソスソスソス (CAPEC Version 1.5) |
|---|---|
| 67 | String Format Overflow in syslog() |
ソスzソスソスソスCソスgソス{ソスbソスNソスXソスフ抵ソス`
ソスRソス[ソスhソスpソスXソスソスソスネ会ソスソスフ擾ソスソスソスソス満ゑソスソスソスソスニ弱性
1. ソスJソスnソスXソスeソス[ソスgソスソスソスソスソスgソスナ難ソスソスヘゑソスソスソスtソスソスソスソス鼾
2. ソスネ会ソスソスフ擾ソスソスソスソス満ゑソスソスソスソスIソスソスソスXソスeソス[ソスgソスソスソスソスソスgソスナ包ソスソスソスソス処暦ソスソスヨ撰ソスソスノ擾ソスソスソスソスソスnソスソスソス鼾
ソスEソスソスソスヘデソス[ソス^ソスヘ包ソスソスソスソスソスフ一部ソスナゑソスソスソスAソスソスソスツ、ソス]ソスワゑソスソスソスソスネゑソスソスソスソスソスソスソスソスソスソスソスナゑソスソスソス鼾
ソスソスソスソスLソスフ「ソス]ソスワゑソスソスソスソスネゑソスソスvソスニは、ソスネ会ソスソスフ擾ソスヤゑソスソスwソスソスソスワゑソスソスB
1. ソスソスソスリゑソスソスソストゑソスソスネゑソス
2. ソスソスソスソスソスソスソスソス@ソスナ鯉ソスソスリゑソスソスソストゑソスソスソス
ソスQソスソス
Steve Christey. "Format String Vulnerabilities in Perl Programs". <http://www.securityfocus.com/archive/1/418460/30/0/threaded>.
Hal Burch and Robert C. Seacord. "Programming Language Format String Vulnerabilities". <http://www.ddj.com/dept/security/197002914>.
Tim Newsham. "Format String Attacks". Guardent. September 2000. <http://www.lava.net/~newsham/format-string-attacks.pdf>.
[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 5, "Format String Bugs" Page 147. 2nd Edition. Microsoft. 2002.
ソスXソスVソスソスソスソス
[2011ソスN04ソスソス21ソスソス]
2010ソスN10ソスソス12ソスソスソスソスソス_ソスフデソス[ソス^ソスソスソスソスソスノ更ソスV
[2009ソスN06ソスソス29ソスソス]
2009ソスN02ソスソス02ソスソスソスソスソス_ソスフ会ソスソスL URL ソスソスソスソスソスノ作成
http://cwe.mitre.org/data/definitions/134.html
ソスoソス^ソスソス 2011/04/21
ソスナ終ソスXソスVソスソス 2023/04/04
