General Information

Format String Injection

Variants:
Direct Persistent Session 

Also Known As:
String Format Overflow

Vector Type:
Attack

Relevance:
Technology Specific

Layer:
Application-Level

Platforms:
C, CPP, ASM

Target Type:
Application

Affected Mechanisms:
Input Validation

Invented In:
30/10/2001

Added In:
08/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can affect the structure of Format Strings and access other memory spaces


Direct Variant:

Format String Injection

Also Known As:
String Format Overflow

Typical Severity:
Critical

Learn More:





Persistent Variant:

Stored Format String Injection

Also Known As:
Persistent Format String Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

Format String Injection via Session Puzzling

Also Known As:
Session Format String Injection

Typical Severity:
Critical

Resources:

White Papers:

Learn More: