Jan Klusáček, Oct. 21, 2024

Format String Vulnerability

Format string vulnerabilities have been publicly known since the late 1990s and are still exploited to this day. An attacker who exploits one can read memory, modify it, and even execute custom code. This article discusses the principle behind format string vulnerabilities and the ways they can be exploited, particularly in C and C++. It describes the exploitation possibilities in depth and presents the auxiliary techniques attackers use. It also explores methods of protecting against this vulnerability and includes examples from various programming languages.