Menu
I have found out about the format string vulnerability in C++, but C++ is an old language. I want to know whether the format string vulnerability still exists in modern languages, like C# and Java.
467
Format String Vulnerability:-
Format string problems are a classic C/C++ issue that are now rare due to the ease of discovery. The reason format string vulnerabilities can be exploited is due to the %n operator. The %n operator will write the number of characters, which have been printed by the format string therefore far, to the memory pointed to by its argument.
However, languages such as C# and Java produce managed code that are not susceptible to memory address overwrites as the CLR/JVM manage the process memory rather than it being the responsibility of the developer. This can mean that a buffer overflow vulnerability is a lot less likely (but it can happen depending on 3rd party components being called or vulnerabilities in the languages themselves).
So the answer is no for managed languages such as C# and Java.
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
