ID:10965 - Exploit for Embedded malicious code (backdoor) in XZ Utils - CVE-2024-3094

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:10965 - Exploit for Embedded malicious code (backdoor) in XZ Utils - CVE-2024-3094

ID:10965 - Exploit for Embedded malicious code (backdoor) in XZ Utils - CVE-2024-3094

Published: December 6, 2024


Vulnerability identifier: #VU87917
Vulnerability risk: Critical
CVE-ID: CVE-2024-3094
CWE-ID: CWE-506
Exploitation vector: Remote access
Vulnerable software:
XZ Utils

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the system.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.