Test case 1542

Type: source code
State: bad
Author: DRDC
Status: candidate
Language: C++
Submission Date: 09 Jun 2006

Description

A string function is passed a value without format string. This can lead to a format string vulnerability if the value can be in control of a malicious user.
These test cases were graciously provided by Frederic Michaud of Defense Research & Development Canada - Valcartier.
Please see test case ID 000-001-518 for an executable suite of all the DRDC test cases.

Flaws

CWE-134 Use of Externally-Controlled Format String

Test Suites

Defence R&D Canada

Have any comments on this test case? Please, send us an email.