CVE-2024-3094
Xz: malicious code in distributed source
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
xzRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat JBoss Enterprise Application Platform 8public PoCs found — 83
githubgithub.com/amlweems/xzbot★ 3555githubgithub.com/lockness-Ko/xz-vulnerable-honeypot★ 147githubgithub.com/FabioBaroni/CVE-2024-3094-checker★ 72githubgithub.com/robertdfrench/ifuncd-up★ 59githubgithub.com/byinarie/CVE-2024-3094-info★ 54githubgithub.com/jfrog/cve-2024-3094-tools★ 45githubgithub.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer★ 26githubgithub.com/0xlane/xz-cve-2024-3094★ 17githubgithub.com/r0binak/xzk8s★ 14githubgithub.com/teyhouse/CVE-2024-3094★ 11githubgithub.com/emirkmo/xz-backdoor-github★ 10githubgithub.com/HackerHermanos/CVE-2024-3094_xz_check★ 8githubgithub.com/badsectorlabs/ludus_xz_backdoor★ 6githubgithub.com/neuralinhibitor/xzwhy★ 5githubgithub.com/wgetnz/CVE-2024-3094-check★ 5githubgithub.com/KaminaDuck/ansible-CVE-2024-3094★ 4githubgithub.com/lypd0/CVE-2024-3094-Vulnerabity-Checker★ 4githubgithub.com/Yuma-Tsushima07/CVE-2024-3094★ 4githubgithub.com/pentestfunctions/CVE-2024-3094★ 3githubgithub.com/felipecosta09/cve-2024-3094★ 3githubgithub.com/przemoc/xz-backdoor-links★ 3githubgithub.com/jbnetwork-git/CVE-2024-3094-XZ-Utils-Check★ 3githubgithub.com/gustavorobertux/CVE-2024-3094★ 3githubgithub.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits★ 2githubgithub.com/ScrimForever/CVE-2024-3094★ 2githubgithub.com/Horizon-Software-Development/CVE-2024-3094★ 2githubgithub.com/mrk336/CVE-2024-3094★ 2githubgithub.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check★ 2githubgithub.com/DANO-AMP/CVE-2024-3094★ 2githubgithub.com/harekrishnarai/xz-utils-vuln-checker★ 1githubgithub.com/brinhosa/CVE-2024-3094-One-Liner★ 1githubgithub.com/galacticquest/cve-2024-3094-detect★ 1githubgithub.com/iheb2b/CVE-2024-3094-Checker★ 1githubgithub.com/robertdebock/ansible-playbook-cve-2024-3094★ 1githubgithub.com/valeriot30/cve-2024-3094★ 1githubgithub.com/24Owais/threat-intel-cve-2024-3094★ 1githubgithub.com/Ikram124/CVE-2024-3094-analysis★ 1githubgithub.com/M1lo25/CS50FinalProject★ 1githubgithub.com/nnatsopoulos/xz-backdoor-research★ 1githubgithub.com/mightysai1997/CVE-2024-3094-info★ 0githubgithub.com/MagpieRYL/CVE-2024-3094-backdoor-env-container★ 0githubgithub.com/spidygal/CVE-2024-3094-Nmap-NSE-script★ 0githubgithub.com/TheTorjanCaptain/CVE-2024-3094-Checker★ 0githubgithub.com/vesjolyjd/Kaspersky_CVE-2024-3094★ 0githubgithub.com/Simplifi-ED/CVE-2024-3094-patcher★ 0githubgithub.com/weltregie/liblzma-scan★ 0githubgithub.com/isuruwa/CVE-2024-3094★ 0githubgithub.com/stevehenderson/lab_xz_backdoor★ 0githubgithub.com/hazemkya/CVE-2024-3094-checker★ 0githubgithub.com/Juul/xz-backdoor-scan★ 0githubgithub.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-★ 0githubgithub.com/ashwani95/CVE-2024-3094★ 0githubgithub.com/AndreaCicca/Sicurezza-Informatica-Presentazione★ 0githubgithub.com/shefirot/CVE-2024-3094★ 0githubgithub.com/Fractal-Tess/CVE-2024-3094★ 0githubgithub.com/bioless/xz_cve-2024-3094_detection★ 0githubgithub.com/been22426/CVE-2024-3094★ 0githubgithub.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094★ 0githubgithub.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094★ 0githubgithub.com/Bryn018/Semantic-Backdoor-Detector★ 0githubgithub.com/Dermot-lab/TryHack★ 0githubgithub.com/Mustafa1986/CVE-2024-3094★ 0githubgithub.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public★ 0githubgithub.com/MrBUGLF/XZ-Utils_CVE-2024-3094★ 0githubgithub.com/ThomRgn/xzutils_backdoor_obfuscation★ 0githubgithub.com/hariskhalil555000-sketch/What-utility-does-CVE-2024-3094-refer-to-★ 0githubgithub.com/encikayelwhitehat-glitch/CVE-2024-3094★ 0githubgithub.com/BOSE122/CVE-2024-3094★ 0githubgithub.com/hackura/xz-cve-2024-3094★ 0githubgithub.com/michalAshurov/writeup-CVE-2024-3094★ 0githubgithub.com/extracoding-dozen/CVE-2024-3094★ 0githubgithub.com/ElinaNotElina/cve-2024-3094-analysis★ 0githubgithub.com/vnchk1/sec_review_cve-2024-3094★ 0githubgithub.com/h3raklez/CVE-2024-3094★ 0githubgithub.com/Ava-Vispilio/CVE-2024-3094★ 0githubgithub.com/0xBlackash/CVE-2024-3094★ 0githubgithub.com/dah4k/CVE-2024-3094★ 0githubgithub.com/hackingetico21/revisaxzutils★ 0githubgithub.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector★ 0githubgithub.com/ackemed/detectar_cve-2024-3094★ 0githubgithub.com/zpxlz/CVE-2024-3094★ 0githubgithub.com/mesutgungor/xz-backdoor-vulnerability★ 0githubgithub.com/mightysai1997/CVE-2024-3094★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/security/cve/CVE-2024-3094https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/https://aws.amazon.com/security/security-bulletins/AWS-2024-002/https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xzhttps://boehs.org/node/everything-i-know-about-the-xz-backdoorhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024https://bugs.gentoo.org/928134https://bugzilla.redhat.com/show_bug.cgi?id=2272210https://bugzilla.suse.com/show_bug.cgi?id=1222124https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27