Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-3094

Description

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

POC

Reference

- http://www.openwall.com/lists/oss-security/2024/04/16/5

- https://lwn.net/Articles/967180/

- https://news.ycombinator.com/item?id=39877267

- https://news.ycombinator.com/item?id=39895344

- https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

- https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils

- https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094

Github

- https://github.com/0x7Fancy/0x7Fancy.github.io

- https://github.com/0xAj-Krishna/biggest-hack

- https://github.com/0xAj-Krishna/biggest-hack-2023-24

- https://github.com/0xlane/xz-cve-2024-3094

- https://github.com/24Owais/threat-intel-cve-2024-3094

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione

- https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check

- https://github.com/CHDevSec/RedPhaton

- https://github.com/Cas-Cornelissen/xz-vulnerability-ansible

- https://github.com/CyberGuard-Foundation/CVE-2024-3094

- https://github.com/CyberSecAI/cve_info_refs_crawler

- https://github.com/DANO-AMP/CVE-2024-3094

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/FabioBaroni/CVE-2024-3094-checker

- https://github.com/Fatal016/xz_lab

- https://github.com/Fractal-Tess/CVE-2024-3094

- https://github.com/Fraunhofer-AISEC/supply-graph

- https://github.com/GauravGhandat-23/AI-Driven-Adaptive-SOC-Assistant-AI-SOCA

- https://github.com/Getshell/xzDoor

- https://github.com/GhostTroops/TOP

- https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check

- https://github.com/HaveFun83/awesome-stars

- https://github.com/Horizon-Software-Development/CVE-2024-3094

- https://github.com/IAKAT/stars

- https://github.com/Ikram124/CVE-2024-3094-analysis

- https://github.com/JVS23/cybsec-project-2024

- https://github.com/Jappie3/starred

- https://github.com/JonathanSiemering/stars

- https://github.com/Juul/xz-backdoor-scan

- https://github.com/KaminaDuck/ansible-CVE-2024-3094

- https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container

- https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094

- https://github.com/Mustafa1986/CVE-2024-3094

- https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/QuentinN42/xztester

- https://github.com/SOC-SC/XZ-Response

- https://github.com/ScrimForever/CVE-2024-3094

- https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits

- https://github.com/Simplifi-ED/CVE-2024-3094-patcher

- https://github.com/Technetium1/stars

- https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker

- https://github.com/Thiagocsoaresbh/heroku-test

- https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public

- https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit

- https://github.com/Yuma-Tsushima07/CVE-2024-3094

- https://github.com/ackemed/detectar_cve-2024-3094

- https://github.com/adibue/brew-xz-patcher

- https://github.com/akatiyar0312/self-healing-agent-adk

- https://github.com/alexzeitgeist/starred

- https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer

- https://github.com/amlweems/xzbot

- https://github.com/aneasystone/github-trending

- https://github.com/anhnmt/ansible-check-xz-utils

- https://github.com/anxkhn/awesome-stars

- https://github.com/anxkhn/my-awesome-stars

- https://github.com/ashwani95/CVE-2024-3094

- https://github.com/awdemos/awdemos

- https://github.com/awdemos/demos

- https://github.com/badsectorlabs/ludus_xz_backdoor

- https://github.com/been22426/CVE-2024-3094

- https://github.com/bernardo1024/Veatures

- https://github.com/bioless/xz_cve-2024-3094_detection

- https://github.com/bollwarm/SecToolSet

- https://github.com/brinhosa/CVE-2024-3094-One-Liner

- https://github.com/bsekercioglu/cve2024-3094-Checker

- https://github.com/buluma/ansible-role-crowd

- https://github.com/buluma/ansible-role-cve_2024_3094

- https://github.com/buluma/ansible-role-openjdk

- https://github.com/buluma/buluma

- https://github.com/byinarie/CVE-2024-3094-info

- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu

- https://github.com/chadsr/stars

- https://github.com/chavezvic/update-checker-Penguin

- https://github.com/christoofar/safexz

- https://github.com/cihan-atas/cyberexam-rooms

- https://github.com/crfearnworks/ansible-CVE-2024-3094

- https://github.com/crosscode-nl/snowflake

- https://github.com/cxyfreedom/website-hot-hub

- https://github.com/dah4k/CVE-2024-3094

- https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector

- https://github.com/dinhkhaphancs/software-bug-assistant

- https://github.com/donmccaughey/xz_pkg

- https://github.com/dparksports/detect_intrusion

- https://github.com/drdry2/CVE-2024-3094-EXPLOIT

- https://github.com/duytruongpham/duytruongpham

- https://github.com/ecomtech-oss/pisc

- https://github.com/emirkmo/xz-backdoor-github

- https://github.com/enomothem/PenTestNote

- https://github.com/felipecosta09/cve-2024-3094

- https://github.com/felipecruz91/high-profile-demo

- https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-

- https://github.com/fkie-cad/nvd-json-data-feeds

- https://github.com/gaahrdner/starred

- https://github.com/galacticquest/cve-2024-3094-detect

- https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script

- https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer

- https://github.com/gustavorobertux/CVE-2024-3094

- https://github.com/hackingetico21/revisaxzutils

- https://github.com/hanmin0512/Data_splunk

- https://github.com/harekrishnarai/xz-utils-vuln-checker

- https://github.com/hazemkya/CVE-2024-3094-checker

- https://github.com/hiitaro/CVE-Searcher

- https://github.com/hoanbi1812000/hoanbi1812000

- https://github.com/iakat/stars

- https://github.com/iheb2b/CVE-2024-3094-Checker

- https://github.com/initMAX/Zabbix-Templates

- https://github.com/initMAX/zabbix-templates

- https://github.com/iomarmochtar/sandock

- https://github.com/isuruwa/CVE-2024-3094

- https://github.com/jafshare/GithubTrending

- https://github.com/janepierresgithub/CVEAnalysisRepository

- https://github.com/jbnetwork-git/linux-tools

- https://github.com/jfrog/cve-2024-3094-tools

- https://github.com/johe123qwe/github-trending

- https://github.com/juev/links

- https://github.com/k4t3pr0/Check-CVE-2024-3094

- https://github.com/kornelski/cargo-deb

- https://github.com/kun-g/Scraping-Github-trending

- https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094

- https://github.com/lemon-mint/stars

- https://github.com/lockness-Ko/xz-vulnerable-honeypot

- https://github.com/ltdenard/cve_lookup

- https://github.com/lu-zero/autotools-rs

- https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker

- https://github.com/marcelofmatos/ssh-xz-backdoor

- https://github.com/marcoramilli/marcoramilli

- https://github.com/marklechner/cvewb

- https://github.com/mauvehed/starred

- https://github.com/mesutgungor/xz-backdoor-vulnerability

- https://github.com/mightysai1997/CVE-2024-3094

- https://github.com/mightysai1997/CVE-2024-3094-info

- https://github.com/mightysai1997/xzbot

- https://github.com/mmomtchev/ffmpeg

- https://github.com/mmomtchev/magickwand.js

- https://github.com/mrk336/CVE-2024-3094

- https://github.com/neuralinhibitor/xzwhy

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/orhun/flawz

- https://github.com/pentestfunctions/CVE-2024-3094

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/portlandAF/NVD-MCPServer

- https://github.com/preyalameta02/software_bug_assistant

- https://github.com/prototux/xz-backdoor-recreation

- https://github.com/przemoc/xz-backdoor-links

- https://github.com/przymusp/XZ-Attack

- https://github.com/r0binak/xzk8s

- https://github.com/reuteras/CVE-2024-3094

- https://github.com/rezigned/xz-backdoor

- https://github.com/rezigned/xz-backdoor-container-image

- https://github.com/robertdebock/ansible-playbook-cve-2024-3094

- https://github.com/robertdebock/ansible-role-cve_2024_3094

- https://github.com/robertdfrench/ifuncd-up

- https://github.com/rockethm/seminarioTAC

- https://github.com/runwhen-contrib/helm-charts

- https://github.com/ruslanbay/nixos-hyperv

- https://github.com/sahilbansal17/awesome-gists

- https://github.com/samokat-oss/pisc

- https://github.com/sampsonv/github-trending

- https://github.com/sarutobi12/sarutobi12

- https://github.com/schu/notebook

- https://github.com/securitycipher/daily-bugbounty-writeups

- https://github.com/shefirot/CVE-2024-3094

- https://github.com/silentEAG/awesome-stars

- https://github.com/sunlei/awesome-stars

- https://github.com/tanjiti/sec_profile

- https://github.com/teyhouse/CVE-2024-3094

- https://github.com/trngtam10d/trngtam10d

- https://github.com/ulikunitz/xz

- https://github.com/unresolv/stars

- https://github.com/v-myildiz/XZBot

- https://github.com/valeriot30/cve-2024-3094

- https://github.com/vuduclyunitn/software_supply_chain_papers

- https://github.com/weltregie/liblzma-scan

- https://github.com/wgetnz/CVE-2024-3094-check

- https://github.com/zayidu/zayidu

- https://github.com/zgimszhd61/cve-2024-3094-detect-tool

- https://github.com/zhanpengliu-tencent/medium-cve

- https://github.com/zhaoxiaoha/github-trending

- https://github.com/zoroqi/my-awesome