CVE-2024-3094

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Mar 29, 2024
Updated: May 1, 2024
CWE ID 506

Summary

CVE-2024-3094 is a newly discovered vulnerability affecting the xz library, specifically versions 5.6.0 and later. Hidden within upstream tarballs, malicious code extracts a prebuilt object file from a disguised test file within the source code. This object file is subsequently used to manipulate specific functions within the liblzma library during the build process. The resulting modified liblzma library can be incorporated into any software that links against it, enabling interception and manipulation of data interactions with the library.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share