CVE-2024-3094 (GCVE-0-2024-3094)
Vulnerability from cvelistv5 – Published: 2024-03-29 16:51 – Updated: 2025-11-20 07:17
VLAI?
Summary
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.
Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Severity ?
10 (Critical)
CWE
- CWE-506 - Embedded Malicious Code
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
5.6.0
Affected: 5.6.1 |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank Andres Freund for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-02T04:00:23.138684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:37:17.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-08-19T00:24:09.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/"
},
{
"tags": [
"x_transferred"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2024-002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz"
},
{
"tags": [
"x_transferred"
],
"url": "https://boehs.org/node/everything-i-know-about-the-xz-backdoor"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.gentoo.org/928134"
},
{
"name": "RHBZ#2272210",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1222124"
},
{
"tags": [
"x_transferred"
],
"url": "https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-rxwq-x6h5-x525"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/amlweems/xzbot"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/karcherm/xz-malware"
},
{
"tags": [
"x_transferred"
],
"url": "https://gynvael.coldwind.pl/?lang=en\u0026id=782"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-security-announce/2024/msg00057.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lwn.net/Articles/967180/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39865810"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39877267"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=39895344"
},
{
"tags": [
"x_transferred"
],
"url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.swtch.com/xz-script"
},
{
"tags": [
"x_transferred"
],
"url": "https://research.swtch.com/xz-timeline"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.alpinelinux.org/vuln/CVE-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.archlinux.org/CVE-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240402-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://tukaani.org/xz-backdoor/"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/LetsDefendIO/status/1774804387417751958"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/debian/status/1774219194638409898"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/infosecb/status/1774595540233167206"
},
{
"tags": [
"x_transferred"
],
"url": "https://twitter.com/infosecb/status/1774597228864139400"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kali.org/blog/about-the-xz-backdoor/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/03/29/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/03/29/malicious_backdoor_xz/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094"
},
{
"tags": [
"x_transferred"
],
"url": "https://xeiaso.net/notes/2024/xz-vuln/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/30/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/30/27"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/30/36"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/16/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/8"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/30/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/5"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/4"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/tukaani-project/xz",
"defaultStatus": "unaffected",
"packageName": "xz",
"versions": [
{
"status": "affected",
"version": "5.6.0"
},
{
"status": "affected",
"version": "5.6.1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"packageName": "xz",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Andres Freund for reporting this issue."
}
],
"datePublic": "2024-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "Embedded Malicious Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T07:17:48.594Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-3094"
},
{
"name": "RHBZ#2272210",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272210"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/03/29/4"
},
{
"url": "https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-27T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-03-29T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Xz: malicious code in distributed source",
"x_redhatCweChain": "CWE-506: Embedded Malicious Code"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-3094",
"datePublished": "2024-03-29T16:51:12.588Z",
"dateReserved": "2024-03-29T15:38:13.249Z",
"dateUpdated": "2025-11-20T07:17:48.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73F1DAD7-F362-4C5B-B980-2E5313C369DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tukaani:xz:5.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55782A0B-B9C5-4536-A885-84CAB7029C09\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \\r\\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 c\\u00f3digo malicioso en los archivos tar ascendentes de xz, a partir de la versi\\u00f3n 5.6.0. A trav\\u00e9s de una serie de ofuscaciones complejas, el proceso de compilaci\\u00f3n de liblzma extrae un archivo objeto premanipulado de un archivo de prueba disfrazado existente en el c\\u00f3digo fuente, que luego se utiliza para modificar funciones espec\\u00edficas en el c\\u00f3digo de liblzma. Esto da como resultado una librer\\u00eda liblzma modificada que puede ser utilizada por cualquier software vinculado a esta librer\\u00eda, interceptando y modificando la interacci\\u00f3n de datos con esta librer\\u00eda.\"}]",
"id": "CVE-2024-3094",
"lastModified": "2024-11-21T09:28:53.110",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
"published": "2024-03-29T17:15:21.150",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/10\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/12\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/4\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/5\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/8\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/12\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/27\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/36\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/5\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/16/5\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://bugs.gentoo.org/928134\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1222124\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/advisories/GHSA-rxwq-x6h5-x525\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/amlweems/xzbot\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/karcherm/xz-malware\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gynvael.coldwind.pl/?lang=en\u0026id=782\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2024/msg00057.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lwn.net/Articles/967180/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39865810\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39877267\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39895344\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://research.swtch.com/xz-script\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://research.swtch.com/xz-timeline\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.alpinelinux.org/vuln/CVE-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.archlinux.org/CVE-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240402-0001/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://tukaani.org/xz-backdoor/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://twitter.com/LetsDefendIO/status/1774804387417751958\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/debian/status/1774219194638409898\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774595540233167206\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774597228864139400\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kali.org/blog/about-the-xz-backdoor/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/29/4\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.theregister.com/2024/03/29/malicious_backdoor_xz/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://xeiaso.net/notes/2024/xz-vuln/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/36\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/16/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://bugs.gentoo.org/928134\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1222124\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/advisories/GHSA-rxwq-x6h5-x525\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/amlweems/xzbot\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/karcherm/xz-malware\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://gynvael.coldwind.pl/?lang=en\u0026id=782\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2024/msg00057.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lwn.net/Articles/967180/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39865810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39877267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39895344\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://research.swtch.com/xz-script\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://research.swtch.com/xz-timeline\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.alpinelinux.org/vuln/CVE-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.archlinux.org/CVE-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240402-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tukaani.org/xz-backdoor/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://twitter.com/LetsDefendIO/status/1774804387417751958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/debian/status/1774219194638409898\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774595540233167206\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774597228864139400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.kali.org/blog/about-the-xz-backdoor/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/29/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.theregister.com/2024/03/29/malicious_backdoor_xz/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Press/Media Coverage\"]}, {\"url\": \"https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://xeiaso.net/notes/2024/xz-vuln/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-506\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3094\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-03-29T17:15:21.150\",\"lastModified\":\"2025-08-19T01:15:57.407\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \\r\\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 c\u00f3digo malicioso en los archivos tar ascendentes de xz, a partir de la versi\u00f3n 5.6.0. A trav\u00e9s de una serie de ofuscaciones complejas, el proceso de compilaci\u00f3n de liblzma extrae un archivo objeto premanipulado de un archivo de prueba disfrazado existente en el c\u00f3digo fuente, que luego se utiliza para modificar funciones espec\u00edficas en el c\u00f3digo de liblzma. Esto da como resultado una librer\u00eda liblzma modificada que puede ser utilizada por cualquier software vinculado a esta librer\u00eda, interceptando y modificando la interacci\u00f3n de datos con esta librer\u00eda.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-506\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tukaani:xz:5.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73F1DAD7-F362-4C5B-B980-2E5313C369DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tukaani:xz:5.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55782A0B-B9C5-4536-A885-84CAB7029C09\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-3094\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/03/29/4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/29/10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/29/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/29/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/29/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/29/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/30/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/30/27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/30/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/30/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/16/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.gentoo.org/928134\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1222124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-rxwq-x6h5-x525\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/amlweems/xzbot\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/karcherm/xz-malware\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gynvael.coldwind.pl/?lang=en\u0026id=782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-security-announce/2024/msg00057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lwn.net/Articles/967180/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=39865810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://news.ycombinator.com/item?id=39877267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://news.ycombinator.com/item?id=39895344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://research.swtch.com/xz-script\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://research.swtch.com/xz-timeline\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.alpinelinux.org/vuln/CVE-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.archlinux.org/CVE-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240402-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tukaani.org/xz-backdoor/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://twitter.com/LetsDefendIO/status/1774804387417751958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/debian/status/1774219194638409898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://twitter.com/infosecb/status/1774595540233167206\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://twitter.com/infosecb/status/1774597228864139400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://ubuntu.com/security/CVE-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kali.org/blog/about-the-xz-backdoor/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/03/29/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.theregister.com/2024/03/29/malicious_backdoor_xz/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\"]},{\"url\":\"https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xeiaso.net/notes/2024/xz-vuln/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3094\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://aws.amazon.com/security/security-bulletins/AWS-2024-002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://boehs.org/node/everything-i-know-about-the-xz-backdoor\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugs.gentoo.org/928134\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\", \"name\": \"RHBZ#2272210\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1222124\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/advisories/GHSA-rxwq-x6h5-x525\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/amlweems/xzbot\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/karcherm/xz-malware\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gynvael.coldwind.pl/?lang=en\u0026id=782\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-security-announce/2024/msg00057.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lwn.net/Articles/967180/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39865810\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39877267\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=39895344\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://research.swtch.com/xz-script\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://research.swtch.com/xz-timeline\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.alpinelinux.org/vuln/CVE-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.archlinux.org/CVE-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240402-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tukaani.org/xz-backdoor/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/LetsDefendIO/status/1774804387417751958\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/debian/status/1774219194638409898\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774595540233167206\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://twitter.com/infosecb/status/1774597228864139400\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://ubuntu.com/security/CVE-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kali.org/blog/about-the-xz-backdoor/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/29/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2024/03/29/malicious_backdoor_xz/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://xeiaso.net/notes/2024/xz-vuln/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/12\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/27\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/12\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/10\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/36\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/16/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/30/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/29/4\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-08-19T00:24:09.962Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3094\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-02T04:00:23.138684Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-29T18:42:23.582Z\"}}], \"cna\": {\"title\": \"Xz: malicious code in distributed source\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Andres Freund for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Critical\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"5.6.0\"}, {\"status\": \"affected\", \"version\": \"5.6.1\"}], \"packageName\": \"xz\", \"collectionURL\": \"https://github.com/tukaani-project/xz\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"packageName\": \"xz\", \"collectionURL\": \"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-03-27T00:00:00+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-03-29T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-03-29T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-3094\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2272210\", \"name\": \"RHBZ#2272210\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/03/29/4\"}, {\"url\": \"https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \\r\\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-506\", \"description\": \"Embedded Malicious Code\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T07:17:48.594Z\"}, \"x_redhatCweChain\": \"CWE-506: Embedded Malicious Code\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3094\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T07:17:48.594Z\", \"dateReserved\": \"2024-03-29T15:38:13.249Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-03-29T16:51:12.588Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…