cve/2024/CVE-2024-3094.md

### [CVE-2024-3094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3094)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Embedded%20Malicious%20Code&color=brighgreen)

### Description

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. 
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

### POC

#### Reference
- http://www.openwall.com/lists/oss-security/2024/04/16/5
- https://lwn.net/Articles/967180/
- https://news.ycombinator.com/item?id=39895344
- https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils
- https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094

#### Github
- https://github.com/0x7Fancy/0x7Fancy.github.io
- https://github.com/0xlane/xz-cve-2024-3094
- https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check
- https://github.com/Cas-Cornelissen/xz-vulnerability-ansible
- https://github.com/CyberGuard-Foundation/CVE-2024-3094
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/FabioBaroni/CVE-2024-3094-checker
- https://github.com/Fatal016/xz_lab
- https://github.com/Fractal-Tess/CVE-2024-3094
- https://github.com/Getshell/xzDoor
- https://github.com/GhostTroops/TOP
- https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check
- https://github.com/HaveFun83/awesome-stars
- https://github.com/Horizon-Software-Development/CVE-2024-3094
- https://github.com/JVS23/cybsec-project-2024
- https://github.com/Jappie3/starred
- https://github.com/JonathanSiemering/stars
- https://github.com/Juul/xz-backdoor-scan
- https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container
- https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094
- https://github.com/Mustafa1986/CVE-2024-3094
- https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094
- https://github.com/QuentinN42/xztester
- https://github.com/SOC-SC/XZ-Response
- https://github.com/ScrimForever/CVE-2024-3094
- https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits
- https://github.com/Simplifi-ED/CVE-2024-3094-patcher
- https://github.com/Technetium1/stars
- https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker
- https://github.com/Thiagocsoaresbh/heroku-test
- https://github.com/Yuma-Tsushima07/CVE-2024-3094
- https://github.com/ackemed/detectar_cve-2024-3094
- https://github.com/adibue/brew-xz-patcher
- https://github.com/alexzeitgeist/starred
- https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer
- https://github.com/amlweems/xzbot
- https://github.com/aneasystone/github-trending
- https://github.com/anhnmt/ansible-check-xz-utils
- https://github.com/ashwani95/CVE-2024-3094
- https://github.com/awdemos/demos
- https://github.com/badsectorlabs/ludus_xz_backdoor
- https://github.com/bioless/xz_cve-2024-3094_detection
- https://github.com/bollwarm/SecToolSet
- https://github.com/brinhosa/CVE-2024-3094-One-Liner
- https://github.com/bsekercioglu/cve2024-3094-Checker
- https://github.com/buluma/ansible-role-crowd
- https://github.com/buluma/ansible-role-cve_2024_3094
- https://github.com/buluma/ansible-role-openjdk
- https://github.com/buluma/buluma
- https://github.com/byinarie/CVE-2024-3094-info
- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu
- https://github.com/chadsr/stars
- https://github.com/chavezvic/update-checker-Penguin
- https://github.com/christoofar/safexz
- https://github.com/crfearnworks/ansible-CVE-2024-3094
- https://github.com/crosscode-nl/snowflake
- https://github.com/cxyfreedom/website-hot-hub
- https://github.com/dah4k/CVE-2024-3094
- https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector
- https://github.com/donmccaughey/xz_pkg
- https://github.com/dparksports/detect_intrusion
- https://github.com/drdry2/CVE-2024-3094-EXPLOIT
- https://github.com/duytruongpham/duytruongpham
- https://github.com/ecomtech-oss/pisc
- https://github.com/emirkmo/xz-backdoor-github
- https://github.com/enomothem/PenTestNote
- https://github.com/felipecosta09/cve-2024-3094
- https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094-
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/gaahrdner/starred
- https://github.com/galacticquest/cve-2024-3094-detect
- https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script
- https://github.com/gustavorobertux/CVE-2024-3094
- https://github.com/hackingetico21/revisaxzutils
- https://github.com/hanmin0512/Data_splunk
- https://github.com/harekrishnarai/xz-utils-vuln-checker
- https://github.com/hazemkya/CVE-2024-3094-checker
- https://github.com/hoanbi1812000/hoanbi1812000
- https://github.com/iakat/stars
- https://github.com/iheb2b/CVE-2024-3094-Checker
- https://github.com/initMAX/Zabbix-Templates
- https://github.com/initMAX/zabbix-templates
- https://github.com/isuruwa/CVE-2024-3094
- https://github.com/jafshare/GithubTrending
- https://github.com/jbnetwork-git/linux-tools
- https://github.com/jfrog/cve-2024-3094-tools
- https://github.com/johe123qwe/github-trending
- https://github.com/juev/links
- https://github.com/k4t3pr0/Check-CVE-2024-3094
- https://github.com/kornelski/cargo-deb
- https://github.com/kun-g/Scraping-Github-trending
- https://github.com/lemon-mint/stars
- https://github.com/lockness-Ko/xz-vulnerable-honeypot
- https://github.com/lu-zero/autotools-rs
- https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker
- https://github.com/marcelofmatos/ssh-xz-backdoor
- https://github.com/marcoramilli/marcoramilli
- https://github.com/mauvehed/starred
- https://github.com/mesutgungor/xz-backdoor-vulnerability
- https://github.com/mightysai1997/CVE-2024-3094
- https://github.com/mightysai1997/CVE-2024-3094-info
- https://github.com/mightysai1997/xzbot
- https://github.com/mmomtchev/ffmpeg
- https://github.com/mmomtchev/magickwand.js
- https://github.com/neuralinhibitor/xzwhy
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/orhun/flawz
- https://github.com/pentestfunctions/CVE-2024-3094
- https://github.com/prototux/xz-backdoor-recreation
- https://github.com/przemoc/xz-backdoor-links
- https://github.com/r0binak/xzk8s
- https://github.com/reuteras/CVE-2024-3094
- https://github.com/rezigned/xz-backdoor
- https://github.com/rezigned/xz-backdoor-container-image
- https://github.com/robertdebock/ansible-playbook-cve-2024-3094
- https://github.com/robertdebock/ansible-role-cve_2024_3094
- https://github.com/samokat-oss/pisc
- https://github.com/sampsonv/github-trending
- https://github.com/sarutobi12/sarutobi12
- https://github.com/schu/notebook
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/silentEAG/awesome-stars
- https://github.com/sunlei/awesome-stars
- https://github.com/tanjiti/sec_profile
- https://github.com/teyhouse/CVE-2024-3094
- https://github.com/trngtam10d/trngtam10d
- https://github.com/ulikunitz/xz
- https://github.com/unresolv/stars
- https://github.com/vuduclyunitn/software_supply_chain_papers
- https://github.com/weltregie/liblzma-scan
- https://github.com/wgetnz/CVE-2024-3094-check
- https://github.com/zayidu/zayidu
- https://github.com/zgimszhd61/cve-2024-3094-detect-tool
- https://github.com/zhaoxiaoha/github-trending
- https://github.com/zoroqi/my-awesome