CWE-134(Use of Externally-Controlled Format String)は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| 種別 | 名称 | クラス | 普遍性 | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| language | C | — | Often | — |
| language | C++ | — | Often | — |
| language | Perl | — | Rarely | — |
これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。
| CVE | 公開 | 概要 |
|---|---|---|
| CVE-2026-50211 | 2026-06-04 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. |
| CVE-2026-7835 | 2026-05-21 | A format string argument mismatch in Netatalk 3.0.3 through 4.4.2 allows a remote authenticated attacker to cause a minor denial of service via crafted input that triggers incorrect format string proc… |
| CVE-2026-6474 | 2026-05-14 | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16… |
| CVE-2026-44407 | 2026-05-07 | A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service. |
| CVE-2026-6539 | 2026-04-30 | Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a malicious n… |
| CVE-2026-3008 | 2026-04-27 | Successful exploitation of the string injection vulnerability could allow an attacker to obtain memory address information or crash the application. |
| CVE-2026-6843 | 2026-04-22 | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application a… |
| CVE-2026-3509 | 2026-03-24 | An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (… |
| CVE-2026-33210 | 2026-03-20 | Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or inf… |
| CVE-2025-68648 | 2026-03-10 | A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versi… |
| CVE-2026-0400 | 2026-02-24 | A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2025-30269 | 2026-02-11 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secre… |
| CVE-2025-64157 | 2026-02-10 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authen… |
| CVE-2026-21640 | 2026-01-20 | HackerOne community member Faraz Ahmed (PakCyberbot) has reported a format string injection in the Revive Adserver settings. When specific character combinations are used in a setting, the admin user … |
| CVE-2025-68949 | 2026-01-13 | n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a resul… |
| CVE-2026-22190 | 2026-01-07 | The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format … |
| CVE-2025-53591 | 2026-01-02 | A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploi… |
| CVE-2023-53966 | 2025-12-22 | SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can ma… |
| CVE-2025-52666 | 2025-11-20 | Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due to a fatal PHP e… |
| CVE-2025-48826 | 2025-10-07 | A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send … |
| 日付 | 名称 | バージョン | 重要度 | コメント |
|---|---|---|---|---|
| 2008-08-01 | — | 1.0 | — | added/updated white box definitions |
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Common_Consequences, Detection_Factors, Modes_of_Introduction, Relationships, Other_Notes, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-03-10 | CWE Content Team | 1.3 | — | updated Relationships |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Demonstrative_Examples |
| 2009-07-17 | KDM Analytics | 1.5 | — | Improved the White_Box_Definition |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated White_Box_Definitions |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Detection_Factors, References, Relationships, Taxonomy_Mappings |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Modes_of_Introduction, Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Observed_Examples, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Demonstrative_Examples, Detection_Factors, Relationships, Taxonomy_Mappings |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Description, Modes_of_Introduction, Name, Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Applicable_Platforms, Causal_Nature, Functional_Areas, Likelihood_of_Exploit, Other_Notes, References, Relationships, Taxonomy_Mappings, White_Box_Definitions |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2019-06-20 | CWE Content Team | 3.3 | — | updated Relationships |
| 2019-09-19 | CWE Content Team | 3.4 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Detection_Factors, Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Common_Consequences, Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Potential_Mitigations, Relationships |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Common_Consequences, Demonstrative_Examples, Description, Diagram, Other_Notes |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Detection_Factors, Functional_Areas, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms |