Lucene search
HistoryApr 10, 2024 - 4:15 p.m.
CVE-2024-3566
createprocess function
command injection
nvd
windows
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
CNA Affected
[
{
"vendor": "Node.js",
"product": "Node.js",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*",
"lessThanOrEqual": "21.7.2",
"versionType": "custom"
}
]
},
{
"vendor": "Go Programming Language",
"product": "GoLang",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"vendor": "Haskell Programming Language",
"product": "Haskel",
"platforms": [
"Windows"
],
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
]References
flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
kb.cert.org/vuls/id/123335
learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way
www.cve.org/CVERecord?id=CVE-2024-1874
www.cve.org/CVERecord?id=CVE-2024-22423
www.cve.org/CVERecord?id=CVE-2024-24576
www.kb.cert.org/vuls/id/123335
Related
nvd
nvd
CVE-2024-3566
2024-04-10 16:15:16
debiancve
debiancve
CVE-2024-3566
2024-04-10 16:15:16
cvelist
cvelist
osv
osv
process: command injection via argument list on Windows
2024-04-09 22:14:47
cert
cert
thn
thn
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
2024-04-10 03:05:00