CVE-2024-3094
SOURCE - nist
Summary
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
EPSS Score: 0.1445 (0.958)
Common Weakness Enumeration (CWE)
SOURCE - nist
Embedded Malicious Code
SOURCE - redhat
Embedded Malicious Code
NIST
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
10 critical
Alpine
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE
Debian
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A low
Ubuntu
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
10 critical
Red Hat
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
10 critical
Chainguard
CREATED
UPDATED
SOURCE ID
CGA-3r9w-5x9c-pwr7
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE
Chainguard
CREATED
UPDATED
SOURCE ID
CGA-xp9g-w4gq-2v78
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE
intheWild
CREATED
UPDATED
SOURCE ID
CVE-2024-3094
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE