search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Programming Language Format String Vulnerabilities

Article
In this article, Hal Burch and Robert Seacord explore the potential consequences of format string vulnerabilities in Perl, PHP, Java, Python, and Ruby programs.
Publisher

Dr. Dobbs

Subjects

Abstract

Although not as well known as other vulnerability types such as buffer overflows, format string vulnerabilities have been known to exist in C and C++ programs since at least 1999, when a format string vulnerability was found in AnswerBook2.  

Format string vulnerabilities are not limited to programs written in C and C++. Other languages that include format strings include Perl, PHP, Java, Python, and Ruby. While these languages are relatively immune from buffer overflows because they maintain dynamic arrays and strings for programmers, programs written in them may still contain format string vulnerabilities. 

In this article, Hal Burch and Robert Seacord explore the potential consequences of format string vulnerabilities in Perl, PHP, Java, Python, and Ruby programs.

Download this article >

SHARE
Get it here
Ask a question about this Article