CVE-2024-3094
CVSS 3.1 Score 10.0 of 10 (high)
Details
Published Mar 29, 2024
Updated: May 1, 2024
CWE ID 506
Summary
CVE-2024-3094 is a newly discovered vulnerability affecting the xz library, specifically versions 5.6.0 and later. Hidden within upstream tarballs, malicious code extracts a prebuilt object file from a disguised test file within the source code. This object file is subsequently used to manipulate specific functions within the liblzma library during the build process. The resulting modified liblzma library can be incorporated into any software that links against it, enabling interception and manipulation of data interactions with the library.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2024-3094 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions