一、 漏洞 CVE-2024-3094 基础信息
漏洞信息
# Xz:分布式源代码中的恶意代码
## 漏洞概述
恶意代码在 xz 的上游 tarballs 中被发现,影响从 5.6.0 版本开始。通过一系列复杂的混淆手段,liblzma 构建过程中会从一个伪装的测试文件中提取出一个预构建的对象文件,并修改 liblzma 代码中的特定功能。这会导致一个修改过的 liblzma 库,进而拦截和修改所有与此库进行数据交互的软件。
## 影响版本
- 5.6.0 及以上版本
## 漏洞细节
1. 恶意代码存在于 xz 的上游 tarballs 中。
2. 通过复杂混淆手段,liblzma 的构建过程会从一个伪装成测试文件的文件中提取出预构建的对象文件。
3. 该对象文件用于修改 liblzma 代码中的特定功能。
4. 修改后生成的 liblzma 库可以拦截和修改与该库进行数据交互的所有软件。
## 漏洞影响
- 会导致一个修改后的 liblzma 库,任何与该库进行数据交互的软件都会受到影响。
- 可以拦截和修改数据交互,从而可能引发数据泄露或其他安全问题。
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Xz: malicious code in distributed source
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
内嵌的恶意代码
来源:美国国家漏洞数据库 NVD
漏洞标题
xz 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
xz是一个应用软件。用于支持读取和写入xz压缩流。 XZ Utils 5.6.0版本和5.6.1版本存在安全漏洞,该漏洞源于允许攻击者嵌入恶意代码。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2024-3094 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Information for CVE-2024-3094 | https://github.com/byinarie/CVE-2024-3094-info | POC详情 |
| 2 | Quick and dirty PoC for checking whether a vulnerable version of xz-utils is installed (CVE-2024-3094) | https://github.com/FabioBaroni/CVE-2024-3094-checker | POC详情 |
| 3 | Verify that your XZ Utils version is not vulnerable to CVE-2024-3094 | https://github.com/lypd0/CVE-2024-3094-Vulnerabity-Checker | POC详情 |
| 4 | None | https://github.com/OpensourceICTSolutions/xz_utils-CVE-2024-3094 | POC详情 |
| 5 | Script to detect CVE-2024-3094. | https://github.com/bioless/xz_cve-2024-3094_detection | POC详情 |
| 6 | This repository contains a Bash script and a one-liner command to verify if a system is running a vulnerable version of the "xz" utility, as specified by CVE-2024-3094. | https://github.com/Hacker-Hermanos/CVE-2024-3094_xz_check | POC详情 |
| 7 | None | https://github.com/Fractal-Tess/CVE-2024-3094 | POC详情 |
| 8 | None | https://github.com/wgetnz/CVE-2024-3094-check | POC详情 |
| 9 | History of commits related to the xz backdoor Discovered On March 29, 2024: CVE-2024-3094. | https://github.com/emirkmo/xz-backdoor-github | POC详情 |
| 10 | xz exploit to privilege escalation in Linux | https://github.com/Jooose001/CVE-2024-3094-EXPLOIT | POC详情 |
| 11 | None | https://github.com/ashwani95/CVE-2024-3094 | POC详情 |
| 12 | Checker for CVE-2024-3094 where malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. | https://github.com/harekrishnarai/xz-utils-vuln-checker | POC详情 |
| 13 | K8S and Docker Vulnerability Check for CVE-2024-3094 | https://github.com/teyhouse/CVE-2024-3094 | POC详情 |
| 14 | This project contains a shell script designed to help users identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6). | https://github.com/alokemajumder/CVE-2024-3094-Vulnerability-Checker-Fixer | POC详情 |
| 15 | None | https://github.com/Horizon-Software-Development/CVE-2024-3094 | POC详情 |
| 16 | None | https://github.com/hazemkya/CVE-2024-3094-checker | POC详情 |
| 17 | An ssh honeypot with the XZ backdoor. CVE-2024-3094 | https://github.com/lockness-Ko/xz-vulnerable-honeypot | POC详情 |
| 18 | None | https://github.com/brinhosa/CVE-2024-3094-One-Liner | POC详情 |
| 19 | CVE-2024-3094 | https://github.com/isuruwa/CVE-2024-3094 | POC详情 |
| 20 | None | https://github.com/k4t3pr0/Check-CVE-2024-3094 | POC详情 |
| 21 | A script to detect if xz is vulnerable - CVE-2024-3094 | https://github.com/Yuma-Tsushima07/CVE-2024-3094 | POC详情 |
| 22 | None | https://github.com/jfrog/cve-2024-3094-tools | POC详情 |
| 23 | None | https://github.com/krascovict/OSINT---CVE-2024-3094- | POC详情 |
| 24 | Ansible playbook for patching CVE-2024-3094 | https://github.com/Simplifi-ED/CVE-2024-3094-patcher | POC详情 |
| 25 | None | https://github.com/gayatriracha/CVE-2024-3094-Nmap-NSE-script | POC详情 |
| 26 | None | https://github.com/Mustafa1986/CVE-2024-3094 | POC详情 |
| 27 | XZ-Utils工具库恶意后门植入漏洞(CVE-2024-3094) | https://github.com/MrBUGLF/XZ-Utils_CVE-2024-3094 | POC详情 |
| 28 | None | https://github.com/galacticquest/cve-2024-3094-detect | POC详情 |
| 29 | None | https://github.com/zgimszhd61/cve-2024-3094-detect-tool | POC详情 |
| 30 | None | https://github.com/mightysai1997/CVE-2024-3094-info | POC详情 |
| 31 | None | https://github.com/mightysai1997/CVE-2024-3094 | POC详情 |
| 32 | CVE-2024-3094 | https://github.com/mesutgungor/xz-backdoor-vulnerability | POC详情 |
| 33 | Obsidian notes about CVE-2024-3094 | https://github.com/reuteras/CVE-2024-3094 | POC详情 |
| 34 | notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) | https://github.com/amlweems/xzbot | POC详情 |
| 35 | Checker - CVE-2024-3094 | https://github.com/gustavorobertux/CVE-2024-3094 | POC详情 |
| 36 | None | https://github.com/ackemed/detectar_cve-2024-3094 | POC详情 |
| 37 | XZ Backdoor Extract | https://github.com/0xlane/xz-cve-2024-3094 | POC详情 |
| 38 | None | https://github.com/dah4k/CVE-2024-3094 | POC详情 |
| 39 | Script en bash para revisar si tienes la vulnerabilidad CVE-2024-3094. | https://github.com/hackingetico21/revisaxzutils | POC详情 |
| 40 | CVE-2024-3094 XZ Backdoor Detector | https://github.com/devjanger/CVE-2024-3094-XZ-Backdoor-Detector | POC详情 |
| 41 | Detectar CVE-2024-3094 | https://github.com/ScrimForever/CVE-2024-3094 | POC详情 |
| 42 | CVE-2024-3094 - Checker (fix for arch etc) | https://github.com/pentestfunctions/CVE-2024-3094 | POC详情 |
| 43 | Dockerfile and Kubernetes manifests for reproduce CVE-2024-3094 | https://github.com/r0binak/xzk8s | POC详情 |
| 44 | apocalypxze: xz backdoor (2024) AKA CVE-2024-3094 related links | https://github.com/przemoc/xz-backdoor-links | POC详情 |
| 45 | Our current information about the CVE-2024-3094 backdoor. | https://github.com/CyberGuard-Foundation/CVE-2024-3094 | POC详情 |
| 46 | Collection of Detection, Fix, and exploit for CVE-2024-3094 | https://github.com/Security-Phoenix-demo/CVE-2024-3094-fix-exploits | POC详情 |
| 47 | This is a container environment running CVE-2024-3094 sshd backdoor instance, working with https://github.com/amlweems/xzbot project. IT IS NOT Docker, just implemented by chroot. | https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container | POC详情 |
| 48 | Verify if your installed version of xz-utils is vulnerable to CVE-2024-3094 backdoor | https://github.com/Bella-Bc/xz-backdoor-CVE-2024-3094-Check | POC详情 |
| 49 | The repository consists of a checker file that confirms if your xz version and xz-utils package is vulnerable to CVE-2024-3094. | https://github.com/TheTorjanCaptain/CVE-2024-3094-Checker | POC详情 |
| 50 | The CVE-2024-3094 Checker is a Bash tool for identifying if Linux systems are at risk from the CVE-2024-3094 flaw in XZ/LZMA utilities. It checks XZ versions, SSHD's LZMA linkage, and scans for specific byte patterns, delivering results in a concise table format. | https://github.com/iheb2b/CVE-2024-3094-Checker | POC详情 |
| 51 | A tutorial on how to detect the CVE 2024-3094 | https://github.com/felipecosta09/cve-2024-3094 | POC详情 |
| 52 | Scans liblzma from xu-utils for backdoor (CVE-2024-3094) | https://github.com/weltregie/liblzma-scan | POC详情 |
| 53 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/crfearnworks/ansible-CVE-2024-3094 | POC详情 |
| 54 | A small repo with a single playbook. | https://github.com/robertdebock/ansible-playbook-cve-2024-3094 | POC详情 |
| 55 | An Ansible Role that installs the xz backdoor (CVE-2024-3094) on a Debian host and optionally installs the xzbot tool. | https://github.com/badsectorlabs/ludus_xz_backdoor | POC详情 |
| 56 | Scan for files containing the signature from the `xz` backdoor (CVE-2024-3094) | https://github.com/Juul/xz-backdoor-scan | POC详情 |
| 57 | None | https://github.com/drdry2/CVE-2024-3094-EXPLOIT | POC详情 |
| 58 | La siguiente regla YARA ayuda a detectar la presencia del backdoor en la librería liblzma comprometida en sistemas que utilizan las versiones 5.6.0 y 5.6.1 de la herramienta de compresión XZ. | https://github.com/fevar54/Detectar-Backdoor-en-liblzma-de-XZ-utils-CVE-2024-3094- | POC详情 |
| 59 | None | https://github.com/AlexDoe11/CVE-2024-3094-EXPLOIT | POC详情 |
| 60 | XZ Utils CVE-2024-3094 POC for Kubernetes | https://github.com/neuralinhibitor/xzwhy | POC详情 |
| 61 | Basic POC to test CVE-2024-3094 | https://github.com/shefirot/CVE-2024-3094 | POC详情 |
| 62 | SSH EXPLOIT BYPASS AUTH SSH | https://github.com/DANO-AMP/CVE-2024-3094 | POC详情 |
| 63 | GNU IFUNC is the real culprit behind CVE-2024-3094 | https://github.com/robertdfrench/ifuncd-up | POC详情 |
| 64 | Just a script to test if xz is vulnerable to the cve 2024-3094. | https://github.com/yq93dskimzm2/CVE-2024-3094 | POC详情 |
| 65 | Presentazione per il corsi di sicurezza Informatica sulla vulnerabilità CVE-2024-3094 | https://github.com/AndreaCicca/Sicurezza-Informatica-Presentazione | POC详情 |
| 66 | CVE-2024-3094 (XZ Backdoor) Tools | https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit | POC详情 |
| 67 | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2024/CVE-2024-3094.yaml | POC详情 |
| 68 | CVE-2024-3094 실습 환경 구축 및 보고 | https://github.com/been22426/CVE-2024-3094 | POC详情 |
| 69 | Shell scripts to identify and fix installations of xz-utils affected by the CVE-2024-3094 vulnerability. Versions 5.6.0 and 5.6.1 of xz-utils are known to be vulnerable, and this script aids in detecting them and optionally downgrading to a stable, un-compromised version (5.4.6) or upgrading to latest version. Added Ansible Playbook | https://github.com/gensecaihq/CVE-2024-3094-Vulnerability-Checker-Fixer | POC详情 |
| 70 | Ansible playbooks designed to check and remediate CVE-2024-3094 (XZ Backdoor) | https://github.com/KaminaDuck/ansible-CVE-2024-3094 | POC详情 |
| 71 | It was determined that malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. # It was determined that only certain operating systems and operating system versions were affected by this vulnerability. | https://github.com/laxmikumari615/Linux---Security---Detect-and-Mitigate-CVE-2024-3094 | POC详情 |
| 72 | A XZ backdoor vulnerability explained in details | https://github.com/valeriot30/cve-2024-3094 | POC详情 |
| 73 | Threat intelligence report analyzing the xz-utils backdoor vulnerability (CVE-2024-3094) | https://github.com/24Owais/threat-intel-cve-2024-3094 | POC详情 |
| 74 | CVE-2024-3094 | https://github.com/Dermot-lab/TryHack | POC详情 |
| 75 | Security analysis project: Real-world CVE breakdown | https://github.com/Ikram124/CVE-2024-3094-analysis | POC详情 |
| 76 | None | https://github.com/ykhurshudyan-blip/CVE-2024-3094 | POC详情 |
| 77 | CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain attack affecting Linux systems, highlighting risks in trusted open-source components. | https://github.com/mrk336/CVE-2024-3094 | POC详情 |
| 78 | None | https://github.com/Titus-soc/-CVE-2024-3094-Vulnerability-Checker-Fixer-Public | POC详情 |
| 79 | Obsidian notes about CVE-2024-3094 | https://github.com/zpxlz/CVE-2024-3094 | POC详情 |
| 80 | Investigation into the XZ Utils backdoor (CVE-2024-3094): chronology, attack chain, risk to SSH, and supply-chain insights. Includes slides, sources, and mitigations (parity checks, attestations, or SBOMs, as well as SLSA) | https://github.com/M1lo25/CS50FinalProject | POC详情 |
| 81 | Script to obfuscate a payload the same way as it was done by the XZ utils attack (CVE-2024-3094) | https://github.com/ThomRgn/xzutils_backdoor_obfuscation | POC详情 |
| 82 | CVE-2024-3094 | https://github.com/B1ack4sh/Blackash-CVE-2024-3094 | POC详情 |
| 83 | CVE-2024-3094 | https://github.com/Ashwesker/Blackash-CVE-2024-3094 | POC详情 |
三、漏洞 CVE-2024-3094 的情报信息
- https://boehs.org/node/everything-i-know-about-the-xz-backdoor
- http://www.openwall.com/lists/oss-security/2024/03/29/12
- https://security-tracker.debian.org/tracker/CVE-2024-3094
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
- http://www.openwall.com/lists/oss-security/2024/03/29/4
标题: Urgent security alert for Fedora 40 and Fedora Rawhide users -- 🔗来源链接
标签:
神龙速读:### 关键信息摘要 - **CVE编号**: CVE-2024-3094 - **受影响的版本**: Fedora Linux 40 (x86_64架构版本5.6.0-1.fc40和5.6.0-2.fc40) 和 Fedora Rawhide - **漏洞描述**: xz库版本5.6.0和5.6.1包含恶意代码,旨在允许未经授权的访问。恶意代码干扰systemd下的sshd认证,可能在特定条件下导致恶意行为者破坏sshd认证,从而远程获得系统未授权访问。 - **漏洞状态**: - 目前Fedora Linux 40构建尚未被证实受到恶意代码的感染,但建议用户降级到5.4.x版本以保证安全。 - Fedora Rawhide用户应立即停止使用,等待x86_64版本5.4.x发布后重新部署。 - **更新**: - 已发布更新将xz降级到5.4.x版本,用户可以通过正常更新系统获取。 - 更新后的Fedora Linux 40 beta包含两个受影响版本的xz库,分别是xz-libs-5.6.0-1.fc40.x86_64.rpm和xz-libs-5.6.0-2.fc40.x86_64.rpm。 - **解决方案**: - Fedora Linux 40用户可以按照说明降级到5.4.x版本。 - Fedora Rawhide用户应等待未来版本发布。 - 其他可能受影响的Linux发行版用户应咨询其发行版提供商。
- https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/
- https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094
- https://xeiaso.net/notes/2024/xz-vuln/
- https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/
- http://www.openwall.com/lists/oss-security/2024/03/29/5
- http://www.openwall.com/lists/oss-security/2024/03/30/12
- https://research.swtch.com/xz-timeline
- https://research.swtch.com/xz-script
- https://twitter.com/debian/status/1774219194638409898
- https://www.kali.org/blog/about-the-xz-backdoor/
- https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-1-tarballs/42405
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
- https://twitter.com/infosecb/status/1774595540233167206
- http://www.openwall.com/lists/oss-security/2024/03/30/5
- https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils
- https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html
- https://bugs.gentoo.org/928134
- https://lists.debian.org/debian-security-announce/2024/msg00057.html
- https://twitter.com/LetsDefendIO/status/1774804387417751958
- https://gynvael.coldwind.pl/?lang=en&id=782
标题: CVE-2024-3094 — Alpine Security Tracker -- 🔗来源链接
标签:
神龙速读:### 关键信息总结 #### 漏洞概述 - **CVE编号**: CVE-2024-3094 - **描述**: 在xz的5.6.0版本及以上中发现恶意代码,这些代码通过伪装的测试文件中的预构建对象文件,被liblzma构建过程提取,进而修改liblzma中的特定函数,导致任何链接该库的软件能够拦截和修改与该库交互的数据。 #### 严重性与追踪 - **NVD严重性**: 未知 - **其他追踪器**: CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia - **邮件列表**: oss-security, full-disclosure, bugtraq - **利用库**: Exploit DB, Metasploit - **仓库**: GitHub (code, issues), Aports (code, issues) #### 版本影响与修复状态 - **受影响的源包和版本** - **xz** - edge-main: 5.6.1-r3 (已修复), 5.6.1-r2 (已修复), 5.6.1-r2 (未指定维护者, 已修复) - 3.22-main: 5.6.1-r2 (已修复) - 3.21-main: 5.6.1-r2 (未指定维护者, 已修复), 5.6.1-r3 (已修复) - 3.20-main: 5.6.1-r2 (未指定维护者, 已修复), 5.6.1-r3 (已修复) - **lighttpd** - 3.18-main: 1.4.76-r0 (已修复) - 3.17-main: 1.4.76-r0 (已修复) #### 参考链接 列出多个与漏洞相关的细节描述、文章、安全公告等链接,便于进一步深入研究与验证。 此漏洞涉及供应链安全问题,影响广泛的Linux工具库,其修复工作和影响评估非常重要。
- https://security.netapp.com/advisory/ntap-20240402-0001/
- https://security.archlinux.org/CVE-2024-3094
- https://github.com/amlweems/xzbot
- https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
- https://lwn.net/Articles/967180/
- https://aws.amazon.com/security/security-bulletins/AWS-2024-002/
- https://news.ycombinator.com/item?id=39865810
- http://www.openwall.com/lists/oss-security/2024/03/29/10
- https://news.ycombinator.com/item?id=39895344
- https://access.redhat.com/security/cve/CVE-2024-3094vdb-entryx_refsource_REDHAT
- https://github.com/advisories/GHSA-rxwq-x6h5-x525
- https://www.theregister.com/2024/03/29/malicious_backdoor_xz/
- https://bugzilla.suse.com/show_bug.cgi?id=1222124
- https://www.openwall.com/lists/oss-security/2024/03/29/4
- http://www.openwall.com/lists/oss-security/2024/03/30/36
- https://tukaani.org/xz-backdoor/
- https://twitter.com/infosecb/status/1774597228864139400
- https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils
- https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz
- https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
标题: CVE-2024-3094 | Ubuntu -- 🔗来源链接
标签:
神龙速读:## 关键信息 ### 漏洞标识 - CVE: CVE-2024-3094 ### 发布与更新信息 - 发布日期: 2024年3月29日 - 最后更新: 2025年8月4日 ### 漏洞优先级与严重程度 - Ubuntu 优先级: 关键(Critical) - CVSS v3 严重程度评分: 10.0 - 关键 ### 描述 - 在xz从5.6.0版本开始的上游tarballs中,发现了恶意代码。通过一系列复杂的混淆技术,liblzma的构建过程从源代码中存在的伪装测试文件中提取了一个预构建的对象文件,用于修改liblzma代码中的特定函数。这导致生成一个修改后的liblzma库,任何链接到该库的软件都可以使用它,从而拦截和修改与该库的数据交互。 ### 漏洞影响范围 - 问题导致在sshd中产生后门 ### 状态 - 包: xz-utils - Ubuntu 发行版: - 24.04 LTS (noble): 未受影响 - 22.04 LTS (jammy): 未受影响 - 20.04 LTS (focal): 未受影响 - 18.04 LTS (bionic): 未受影响 - 16.04 LTS (xenial): 未受影响 - 14.04 LTS (trusty): 未受影响 ### 严重程度评分细分 - 基本分数: 10.0 - 关键 - 攻击向量: 网络 - 攻击复杂性: 低 - 所需权限: 无 - 用户交互: 无 - 影响范围: 已更改 - 机密性影响: 高 - 完整性影响: 高 - 可用性影响: 高 - 向量: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- http://www.openwall.com/lists/oss-security/2024/03/30/27
- http://www.openwall.com/lists/oss-security/2024/03/29/8
- http://www.openwall.com/lists/oss-security/2024/04/16/5
- https://github.com/karcherm/xz-malware
- https://news.ycombinator.com/item?id=39877267
- https://bugzilla.redhat.com/show_bug.cgi?id=2272210issue-trackingx_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2024-3094
四、漏洞 CVE-2024-3094 的评论
暂无评论