CVE-2024-3094 PoC — Xz: malicious code in distributed source

Associated Vulnerability
Title: Xz: malicious code in distributed source (CVE-2024-3094)
Description: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Readme
apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links
===============================================================

Yet another attempt at collecting links relevant to [xz backdoor (2024)][1]
aka [CVE-2024-3094][2].

The term "Apocalypxze" is borrowed from Jonathan Corbet's [toot][3].

Raw version: https://github.com/przemoc/xz-backdoor-links/blob/main/index.mm.md  
HTML version: https://przemoc.github.io/xz-backdoor-links/

The HTML version is rendered using [Markmap][4], specifically [markmap-vscode][5],
with the title updated afterwards.

[1]: https://tukaani.org/xz-backdoor/
[2]: https://www.cve.org/CVERecord?id=CVE-2024-3094
[3]: https://social.kernel.org/notice/AgM1lT6HeBpodOubEe
[4]: https://markmap.js.org/
[5]: https://marketplace.visualstudio.com/items?itemName=gera2ld.markmap-vscode

License
-------

CC0 1.0 Universal (CC0 1.0) Public Domain Dedication.
See [LICENSE.CC0](LICENSE.CC0) file for the full license text.
File Snapshot

    [4.0K] /data/pocs/5bc762769852053541e539641fae406090e8aa6b
    ├── [ 39K] index.html
    ├── [ 23K] index.mm.md
    ├── [6.9K] LICENSE.CC0
    └── [ 934] README.md

    0 directories, 4 files