Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3094 PoC — Xz: malicious code in distributed source

Source
https://github.com/galacticquest/cve-2024-3094-detect
Associated Vulnerability
Title:Xz: malicious code in distributed source (CVE-2024-3094)
Description:Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Readme
# CVE-2024-3094-detect
## XZ Utils Vulnerability Check and Downgrade Script

This script is designed to check the version of XZ Utils installed on your Linux system and downgrade it to a safe version if necessary. It also detects the Linux distribution and the package manager used.

## Features

- Checks the installed version of XZ Utils and identifies if it's vulnerable.
- Detects the Linux distribution (Fedora, Debian, openSUSE, Kali Linux).
- Downgrades XZ Utils to a safe version if needed.

## Prerequisites

- Bash shell (most Linux distributions come with Bash pre-installed).
- Superuser (root) privileges to perform the downgrade operation.

## Usage

1. Download the script (`detect-cve-2024-3094.sh`) to your Linux system.
2. Open a terminal and navigate to the directory containing the script.
3. Make the script executable with the command:
   ```bash
   chmod +x detect-cve-2024-3094.sh
4. Run the script as root (or with sudo) using the command:
   ```bash
   sudo ./detect-cve-2024-3094.sh
File Snapshot

 [4.0K]  /data/pocs/a3ffd9b0dbd0f374d5f2d40790ba46f8468931e3
├── [2.7K]  detect-cve-2024-3094.sh
└── [1010]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →