%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Affected Component
Analysis
go
False Positive
go-binary-native
False Positive
php
False Positive
nodejs
False Positive
Name
CVE-2024-3566
Description
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
CWEs
Published Date
Updated Date
Workaround
-
Advisories
https://kb.cert.org/vuls/id/123335Third Party Advisory
https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-wayTechnical Description
https://www.cve.org/CVERecord?id=CVE-2024-1874Not Applicable
https://www.cve.org/CVERecord?id=CVE-2024-22423Not Applicable
https://www.cve.org/CVERecord?id=CVE-2024-24576Not Applicable
https://www.kb.cert.org/vuls/id/123335Not Applicable
https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566Third Party Advisory
https://kb.cert.org/vuls/id/123335Third Party Advisory
https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-wayTechnical Description
https://www.cve.org/CVERecord?id=CVE-2024-1874Not Applicable
https://www.cve.org/CVERecord?id=CVE-2024-22423Not Applicable
https://www.cve.org/CVERecord?id=CVE-2024-24576Not Applicable
https://www.kb.cert.org/vuls/id/123335Not Applicable
Analysis#
Vulnerability Ratings#
9.8
CVSSv31
9.8
CVSSv31
NaN
other
Others affected components#
Name
Project
Project Version
Version
Status
buildroot
2025.02.x
22.22.0
Not Affected
buildroot
2025.02.x
8.3.31
Not Affected
buildroot
master
22.22.0
Not Affected
buildroot
master
8.5.7
Not Affected
openwrt
master
1.24.13-r1
Not Affected
openwrt
master
1.26.4-r1
Not Affected
openwrt
master
22.23.0-r1
Not Affected
openwrt
master
8.4.16-r4
Not Affected
openwrt
openwrt-25.12
1.24.13-r1
Not Affected
openwrt
openwrt-25.12
1.26.4-r1
Not Affected
openwrt
openwrt-25.12
22.23.0-r1
Not Affected
openwrt
openwrt-25.12
8.4.21-r1
Not Affected
yocto
kirkstone
1.17.13
Not Affected
yocto
kirkstone
1.17.13
Not Affected
yocto
kirkstone
16.20.2
Not Affected
yocto
kirkstone
8.1.34
Not Affected
yocto
master
1.26.4
False Positive
yocto
master
1.26.4
False Positive
yocto
master
24.17.0
Not Affected
yocto
master
8.5.7
False Positive