CVE-2024-3094— Xz: malicious code in distributed source
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-3094
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Xz: malicious code in distributed source
Source: NVD (National Vulnerability Database)
Vulnerability Description
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
内嵌的恶意代码
Source: NVD (National Vulnerability Database)
Vulnerability Title
xz 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
xz是一个应用软件。用于支持读取和写入xz压缩流。 XZ Utils 5.6.0版本和5.6.1版本存在安全漏洞,该漏洞源于允许攻击者嵌入恶意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | - | cpe:/a:redhat:jboss_enterprise_application_platform:8 |
II. Public POCs for CVE-2024-3094
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Information for CVE-2024-3094 | https://github.com/byinarie/CVE-2024-3094-info | POC Details |
| 2 | Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094) | https://github.com/FabioBaroni/CVE-2024-3094-checker | POC Details |
| 3 | Verify that your XZ Utils version is not vulnerable to CVE-2024-3094 | https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker | POC Details |
| 4 | None | https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094 | POC Details |
| 5 | Script to detect CVE-2024-3094. | https://github.com/bioless/xz_cve-2024-3094_detection | POC Details |
| 6 | This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094. | https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check | POC Details |
| 7 | None | https://github.com/Fractal-Tess/CVE-2024-3094 | POC Details |
| 8 | None | https://github.com/wgetnz/CVE-2024-3094-check | POC Details |
| 9 | History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094. | https://github.com/emirkmo/xz-backdoor-github | POC Details |
| 10 | xz exploit to privilege escalation in Linux | https://github.com/Jooose001/CVE-2024-3094-EXPLOIT | POC Details |
| 11 | None | https://github.com/ashwani95/CVE-2024-3094 | POC Details |
| 12 | Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. | https://github.com/harekrishnarai/xz-utils-vuln-checker | POC Details |
| 13 | K8S and Docker Vulnerability Check for CVE-2024-3094 | https://github.com/teyhouse/CVE-2024-3094 | POC Details |
| 14 | This project contains a shell script designed to help users identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6). | https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer | POC Details |
| 15 | None | https://github.com/Horizon-Software-Development/CVE-2024-3094 | POC Details |
| 16 | None | https://github.com/hazemkya/CVE-2024-3094-checker | POC Details |
| 17 | An ssh honeypot with the XZ backdoor. CVE-2024-3094 | https://github.com/lockness-Ko/xz-vulnerable-honeypot | POC Details |
| 18 | None | https://github.com/brinhosa/CVE-2024-3094-One-Liner | POC Details |
| 19 | CVE-2024-3094 | https://github.com/isuruwa/CVE-2024-3094 | POC Details |
| 20 | None | https://github.com/k4t3pr0/Check-CVE-2024-3094 | POC Details |
| 21 | A script to detect if xz is vulnerable - CVE-2024-3094 | https://github.com/Yuma-Tsushima07/CVE-2024-3094 | POC Details |
| 22 | None | https://github.com/jfrog/cve-2024-3094-tools | POC Details |
| 23 | None | https://github.com/krascovict/OSINT---CVE-2024-3094- | POC Details |
| 24 | Ansible playbook for patching CVE-2024-3094 | https://github.com/Simplifi-ED/CVE-2024-3094-patcher | POC Details |
| 25 | None | https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script | POC Details |
| 26 | None | https://github.com/Mustafa1986/CVE-2024-3094 | POC Details |
| 27 | XZ-Utils工具库恶意后门植入漏洞(CVE-2024-3094) | https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094 | POC Details |
| 28 | None | https://github.com/galacticquest/cve-2024-3094-detect | POC Details |
| 29 | None | https://github.com/zgimszhd61/cve-2024-3094-detect-tool | POC Details |
| 30 | None | https://github.com/mightysai1997/CVE-2024-3094-info | POC Details |
| 31 | None | https://github.com/mightysai1997/CVE-2024-3094 | POC Details |
| 32 | CVE-2024-3094 | https://github.com/mesutgungor/xz-backdoor-vulnerability | POC Details |
| 33 | Obsidian notes about CVE-2024-3094 | https://github.com/reuteras/CVE-2024-3094 | POC Details |
| 34 | notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | https://github.com/amlweems/xzbot | POC Details |
| 35 | Checker - CVE-2024-3094 | https://github.com/gustavorobertux/CVE-2024-3094 | POC Details |
| 36 | None | https://github.com/ackemed/detectar_cve-2024-3094 | POC Details |
| 37 | XZ Backdoor Extract | https://github.com/0xlane/xz-cve-2024-3094 | POC Details |
| 38 | None | https://github.com/dah4k/CVE-2024-3094 | POC Details |
| 39 | Script en bash para revisar si tienes la vulnerabilidad CVE-2024-3094. | https://github.com/hackingetico21/revisaxzutils | POC Details |
| 40 | CVE-2024-3094 XZ Backdoor Detector | https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector | POC Details |
| 41 | Detectar CVE-2024-3094 | https://github.com/ScrimForever/CVE-2024-3094 | POC Details |
| 42 | CVE-2024-3094 - Checker (fix for arch etc) | https://github.com/pentestfunctions/CVE-2024-3094 | POC Details |
| 43 | Dockerfile and Kubernetes manifests for reproduce CVE-2024-3094 | https://github.com/r0binak/xzk8s | POC Details |
| 44 | apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links | https://github.com/przemoc/xz-backdoor-links | POC Details |
| 45 | Our current information about the CVE-2024-3094 backdoor. | https://github.com/CyberGuard-Foundation/CVE-2024-3094 | POC Details |
| 46 | Collection of Detection, Fix, and exploit for CVE-2024-3094 | https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits | POC Details |
| 47 | This is a container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot. | https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container | POC Details |
| 48 | Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor | https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check | POC Details |
| 49 | The repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094. | https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker | POC Details |
| 50 | The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format. | https://github.com/iheb2b/CVE-2024-3094-Checker | POC Details |
| 51 | A tutorial on how to detect the CVE 2024-3094 | https://github.com/felipecosta09/cve-2024-3094 | POC Details |
| 52 | Scans liblzma from xu-utils for backdoor (CVE-2024-3094) | https://github.com/weltregie/liblzma-scan | POC Details |
| 53 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/crfearnworks/ansible-CVE-2024-3094 | POC Details |
| 54 | A small repo with a single playbook. | https://github.com/robertdebock/ansible-playbook-cve-2024-3094 | POC Details |
| 55 | An Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool. | https://github.com/badsectorlabs/ludus_xz_backdoor | POC Details |
| 56 | Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094) | https://github.com/Juul/xz-backdoor-scan | POC Details |
| 57 | None | https://github.com/drdry2/CVE-2024-3094-EXPLOIT | POC Details |
| 58 | La siguiente regla YARA ayuda a detectar la presencia del backdoor en la librería liblzma comprometida en sistemas que utilizan las versiones 5.6.0 y 5.6.1 de la herramienta de compresión XZ. | https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094- | POC Details |
| 59 | None | https://github.com/AlexDoe11/CVE-2024-3094-EXPLOIT | POC Details |
| 60 | XZ Utils CVE-2024-3094 POC for Kubernetes | https://github.com/neuralinhibitor/xzwhy | POC Details |
| 61 | Basic POC to test CVE-2024-3094 | https://github.com/shefirot/CVE-2024-3094 | POC Details |
| 62 | SSH EXPLOIT BYPASS AUTH SSH | https://github.com/DANO-AMP/CVE-2024-3094 | POC Details |
| 63 | GNU IFUNC is the real culprit behind CVE-2024-3094 | https://github.com/robertdfrench/ifuncd-up | POC Details |
| 64 | Just a script to test if xz is vulnerable to the cve 2024-3094. | https://github.com/yq93dskimzm2/CVE-2024-3094 | POC Details |
| 65 | Presentazione per il corsi di sicurezza Informatica sulla vulnerabilità CVE-2024-3094 | https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione | POC Details |
| 66 | CVE-2024-3094 (XZ Backdoor) Tools | https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit | POC Details |
| 67 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-3094.yaml | POC Details |
| 68 | CVE-2024-3094 실습 환경 구축 및 보고 | https://github.com/been22426/CVE-2024-3094 | POC Details |
| 69 | Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook | https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer | POC Details |
| 70 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/KaminaDuck/ansible-CVE-2024-3094 | POC Details |
| 71 | It was determined that malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. # It was determined that only certain operating systems and operating system versions were affected by this vulnerability. | https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094 | POC Details |
| 72 | A XZ backdoor vulnerability explained in details | https://github.com/valeriot30/cve-2024-3094 | POC Details |
| 73 | Threat intelligence report analyzing the xz-utils backdoor vulnerability (CVE-2024-3094) | https://github.com/24Owais/threat-intel-cve-2024-3094 | POC Details |
| 74 | CVE-2024-3094 | https://github.com/Dermot-lab/TryHack | POC Details |
| 75 | Security analysis project: Real-world CVE breakdown | https://github.com/Ikram124/CVE-2024-3094-analysis | POC Details |
| 76 | None | https://github.com/ykhurshudyan-blip/CVE-2024-3094 | POC Details |
| 77 | CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain attack affecting Linux systems, highlighting risks in trusted open-source components. | https://github.com/mrk336/CVE-2024-3094 | POC Details |
| 78 | None | https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public | POC Details |
| 79 | Obsidian notes about CVE-2024-3094 | https://github.com/zpxlz/CVE-2024-3094 | POC Details |
| 80 | Investigation into the XZ Utils backdoor (CVE-2024-3094): chronology, attack chain, risk to SSH, and supply-chain insights. Includes slides, sources, and mitigations (parity checks, attestations, or SBOMs, as well as SLSA) | https://github.com/M1lo25/CS50FinalProject | POC Details |
| 81 | Script to obfuscate a payload the same way as it was done by the XZ utils attack (CVE-2024-3094) | https://github.com/ThomRgn/xzutils_backdoor_obfuscation | POC Details |
| 82 | CVE-2024-3094 | https://github.com/B1ack4sh/Blackash-CVE-2024-3094 | POC Details |
| 83 | CVE-2024-3094 | https://github.com/Ashwesker/Blackash-CVE-2024-3094 | POC Details |
| 84 | None | https://github.com/hariskhalil555000-sketch/What-utility-does-CVE-2024-3094-refer-to- | POC Details |
| 85 | This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094. | https://github.com/HackerHermanos/CVE-2024-3094_xz_check | POC Details |
| 86 | None | https://github.com/encikayelwhitehat-glitch/CVE-2024-3094 | POC Details |
| 87 | None | https://github.com/BOSE122/CVE-2024-3094 | POC Details |
| 88 | None | https://github.com/spidygal/CVE-2024-3094-Nmap-NSE-script | POC Details |
| 89 | Python demo simulating CVE-2024-3094: a supply chain backdoor in XZ Utils with a trigger-based stealth activation. | https://github.com/hackura/xz-cve-2024-3094 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-3094
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-506
- CVE-2026-6443
Essentialplugin Plugins (Various Versions) - Injected Backdo - CVE-2026-34424
Smart Slider 3 Pro 3.5.1.35 Supply Chain Attack Remote Acces - CVE-2026-33634
Trivy ecosystem supply chain briefly compromised - CVE-2026-31976
xygeni-action v5 tag poisoned with C2 backdoor - CVE-2026-28353
Trivy Vulnerability Scanner: Unauthorized AI Agent Execution
V. Comments for CVE-2024-3094
No comments yet