Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3094 PoC — Xz: malicious code in distributed source

Source
https://github.com/zpxlz/CVE-2024-3094
Associated Vulnerability
Title:Xz: malicious code in distributed source (CVE-2024-3094)
Description:Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Description
Obsidian notes about CVE-2024-3094
Readme
# CVE-2024-3094

I've moved my notes in Obsidian to a separate vault and this GitHub repository to be able to share it.

The start page is [CVE-2024-3094 xz supply chain](./202403300902%20CVE-2024-3094%20xz%20supply%20chain.md).

## Installation

Clone the repo with `git`.

```
git clone https://github.com/reuteras/CVE-2024-3094.git
```

Then open the checked out folder as a vault in [Obsidian](https://obsidian.md/).
File Snapshot

 [4.0K]  /data/pocs/482f4232fdee92040b74b4bb416d0e2aa1f86f98
├── [ 13K]  202403300902 CVE-2024-3094 xz supply chain.md
├── [7.3K]  202403301312 CVE-2024-3094 -Jia Tan.md
├── [2.8K]  202403301317 CVE-2024-3094 - Lasse Collin.md
├── [ 584]  202403310857 CVE-2024-3094 - Hans Jansen.md
├── [ 681]  202403310919 xz.md
├── [6.5K]  202403310952 CVE-2024-3094 backdoor.md
├── [2.7K]  202404020708 smile.md
├── [1.5K]  202404020728 Tools and rules.md
├── [1.4K]  202404020805 Prevention.md
├── [ 639]  202404030944 Similar attempts.md
├── [ 313]  202404041707 Fallout.md
├── [4.0K]  attachments
│   ├── [ 40K]  B5F089B1-FABC-4915-B65F-06F932A89661.jpg
│   ├── [ 47K]  ec9b20fdb20027a9.png
│   ├── [ 17K]  F64708B6-B703-4FE4-B5AD-92F343667685.jpg
│   ├── [8.0K]  injected-60.txt
│   ├── [9.3K]  injected-61.txt
│   ├── [ 36K]  liblzma_la_crc64_fast_5_6_0_o_gz.bin
│   ├── [ 36K]  liblzma_la_crc64_fast_5_6_1_o_gz.bin
│   ├── [687K]  Pasted image 20240331093406.png
│   ├── [167K]  Pasted image 20240331100021.png
│   ├── [681K]  Pasted image 20240331144449.png
│   └── [230K]  Pasted image 20240401072717.png
├── [4.0K]  Canvas
│   └── [4.9K]  CVE-2024-3094.canvas
├── [ 420]  README.md
└── [4.0K]  Templates
    ├── [ 211]  ZettelkastenTemplate.md
    └── [ 233]  ZettelkastenTemplateQA.md

4 directories, 26 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →