...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT CSEI CERT C++ Coding Standard | FIO00-CPP. Take care when creating format strings | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Using invalid format strings [invfmtstr] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11MITRE CWE | CWE-686, Function Call with Incorrect Argument Type | 2017-06-29: CERT: Partial overlap |
| CWE 2.11 | CWE-685 | 2017-06-29: CERT: Partial overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-686 and FIO47-C
Intersection( EXP37-C, FIO47-C) =
- Invalid argument types passed to format I/O function
EXP37-C – FIO47-C =
- Invalid argument types passed to non-format I/O function
FIO47-C – EXP37-C =
- Invalid format string, but correctly matches arguments in number and type
Intersection( CWE-686, FIO47-C) =
- Use of format strings that do not match the type of arguments
CWE-686 – FIO47-C =
- Incorrect argument type in functions outside of the printf() family.
FIO47-C – CWE-686 =
- Invalid format strings that still match their arguments in type
CWE-685 and FIO47-C
Intersection( CWE-685, FIO47-C) =
- Use of format strings that do not match the number of arguments
CWE-685 – FIO47-C =
- Incorrect argument number in functions outside of the printf() family.
FIO47-C – CWE-685 =
- Invalid format strings that still match their arguments in number
CWE-134 and FIO47-C
Intersection( FIO30-C, FIO47-C) =
- Use of untrusted and ill-specified format string
FIO30-C – FIO47-C =
- Use of untrusted, but well-defined format string
FIO47-C – FIO30-C =
- Use of Ill-defined, but trusted format string
FIO47-C = Union(CWE-134, list) where list =
- Using a trusted but invalid format string
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.21.6.1, "The fprintf Function" |
...