Format String Error

Docs > Alerts

Details
Alert Id	30002
Alert Type	Active
Status	release
Risk	Medium
CWE	134
WASC	6
Technologies Targeted	Language / C
Tags	OWASP_2017_A01 OWASP_2021_A03

Summary

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution

Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

References

https://owasp.org/www-community/attacks/Format_string_attack

Code

org/zaproxy/zap/extension/ascanrules/FormatStringScanRule.java