Application Security Terminology

Glossary

Svg Vector Icons : http://www.onlinewebfonts.com/icon Return to Glossary

Format String Attack

A Format String attack can occur when the submitted data of an input string is evaluated as a command by the application. Taking advantage of a Format String vulnerability, an attacker can execute code, read the stack, or cause a segmentation fault in the running application – causing new behaviors that compromise the security or the stability of the system. 

format-string-attack

Format String attacks alter the flow of an application. They use string formatting library features to access other memory space. Vulnerabilities occur when user supplied data is deployed directly as formatting string input for certain C/C++ functions (e.g., fprintf, printf, sprintf, setproctitle, syslog, ...).