Delphi : Obsolete or unsafe function

Overview

The code calls a function that is deprecated or unsafe regardless of how it is used. Replace it with a secure analog.

ShellExecute and WinExec are examples of obsolete Windows functions.

The StrCopy, lstrcpy, strcat, strlen and strcmp functions do not work correctly with memory buffers and pointers. In particular, if the strings passed as arguments do not end with a binary zero, the result of the call is unpredictable. An attacker can use this to violate the integrity and operability of the program.
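The unterminated-buffer case described above, with a bounded copy in place of StrCopy. This is an added example, not code from the original page; CopyBounded is a hypothetical helper rather than an RTL routine, and the input buffer is constructed for the demonstration.

```delphi
program BoundedCopyDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils;

// Hypothetical helper (not an RTL routine): copies from a source whose valid
// size is known, never reads past SrcChars, never writes past DestChars,
// and always terminates Dest.
function CopyBounded(Dest: PChar; DestChars: Cardinal;
  Src: PChar; SrcChars: Cardinal; out Truncated: Boolean): Boolean;
var
  Len: Cardinal;
begin
  Result := False;
  Truncated := False;
  if (Dest = nil) or (Src = nil) or (DestChars = 0) then
    Exit;
  // Measure the source without relying on a terminating #0.
  Len := 0;
  while (Len < SrcChars) and (Src[Len] <> #0) do
    Inc(Len);
  // Leave room for the terminator in the destination.
  if Len >= DestChars then
  begin
    Truncated := True;
    Len := DestChars - 1;
  end;
  Move(Src^, Dest^, Len * SizeOf(Char));
  Dest[Len] := #0;
  Result := True;
end;

var
  Raw: array[0..11] of Char;  // constructed input: 12 characters, no #0
  Dest: array[0..7] of Char;
  I: Integer;
  Truncated: Boolean;
begin
  for I := Low(Raw) to High(Raw) do
    Raw[I] := 'A';
  // StrCopy(Dest, Raw) would keep reading past Raw until it met a #0
  // and write every character it found into the 8-character Dest.
  if CopyBounded(Dest, Length(Dest), Raw, Length(Raw), Truncated) then
    Writeln(string(PChar(@Dest[0])), ' truncated=', BoolToStr(Truncated, True))
  else
    Writeln('copy rejected');
end.
```

The Truncated flag lets the caller reject oversized input instead of silently continuing with a shortened string.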

On an unsuccessful call, the LoadLibrary function returns an error code that could have occurred either in LoadLibrary itself or in one of the functions it calls. This behavior complicates error handling.

DerScanner Severity Score: MEDIUM

See also

Delphi : Incorrect Raise call
Delphi : Empty encryption key
Delphi : Weak random number generator