Threat Intelligence / CVE / CVE-2024-3094
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weaknesses (CWE)
CWE-506
References
- https://access.redhat.com/security/cve/CVE-2024-3094
- https://bugzilla.redhat.com/show_bug.cgi?id=2272210
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
- http://www.openwall.com/lists/oss-security/2024/03/29/10
- http://www.openwall.com/lists/oss-security/2024/03/29/12
- http://www.openwall.com/lists/oss-security/2024/03/29/4
- http://www.openwall.com/lists/oss-security/2024/03/29/5
- http://www.openwall.com/lists/oss-security/2024/03/29/8
- http://www.openwall.com/lists/oss-security/2024/03/30/12
Full detection coverage & IOCs for threats exploiting CVE-2024-3094 are available via the Threadlinqs MCP server (Purple tier). View plans →