CVE-2024-3094 – Malicious code was discovered in the upstream tarballs of xz, starting with version …

29 March 2024

Vuln ID: CVE-2024-3094

Published: 2024-03-29 17:15:21.150

Description: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.

Base Score: 10 – CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

29 March 2024

Categorie(s):

NVD

Tag(s):

NVD

Sinister SpyAgent Android Malware Uses Optics To Crack Your Crypto Wallet7 September 2024
Despite cyberattacks, water security standards remain a pipe dream7 September 2024
Hackers Threaten to Leak Planned Parenthood Data7 September 2024
Protect AI Democratizes AI Security Training with Free MLSecOps Foundations Online Learning Course 7 September 2024
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams7 September 2024