Details
Alert ID 30002
Alert Type Active
Status release
Risk Medium
CWE 134
WASC 6
Technologies Targeted Language / C
Tags CWE-134, OWASP_2017_A01, OWASP_2021_A03
More Info Scan Rule Help

Summary

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution

Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.
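The vulnerable pattern next to its hardened form in C, as an added example (not code from ZAP or from the scan rule). Rather than deleting characters, it uses the standard CWE-134 fix of passing the input as an argument to a constant format string. All function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-134): untrusted text is used as the format string. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_vulnerable(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, untrusted); /* compilers flag this: -Wformat-security */
}
#pragma GCC diagnostic pop

/* Hardened: the format is a constant, untrusted text is only an argument. */
int render_safe(char *out, size_t n, const char *untrusted) {
    return snprintf(out, n, "%s", untrusted);
}

/* Number of conversion specifications printf would act on if s were a format.
   "%%" is a literal percent sign and is not counted. */
size_t count_conversions(const char *s) {
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

/* Returns 1 if render() rewrites a constructed probe, i.e. parses input as a format.
   The probe uses only "%%", which consumes no arguments, so the call is well defined. */
int interprets_input(int (*render)(char *, size_t, const char *)) {
    char out[32];
    const char *probe = "50%% done"; /* constructed sample input */
    render(out, sizeof out, probe);
    return strcmp(out, probe) != 0;
}

int main(void) {
    printf("vulnerable interprets input: %d\n", interprets_input(render_vulnerable));
    printf("safe interprets input:       %d\n", interprets_input(render_safe));
    printf("directives in \"/%%s\":         %zu\n", count_conversions("/%s"));
    return 0;
}
```

Building with `-Wformat -Wformat-security -Werror` (GCC and Clang) turns the vulnerable call into a compile error once the pragmas are removed.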

Other Info

Potential Format String Error. The script closed the connection on a /%s

Code

org/zaproxy/zap/extension/ascanrules/FormatStringScanRule.java