Supply-chain backdoor vulnerability in XZ - CVE-2024-3094 (linux)
ID: oval:org.secpod.oval:def:98828 | Date: (C)2024-04-04 (M)2024-04-17 |
Class: VULNERABILITY | Family: unix |
The host is installed with XZ version 5.6.0 or 5.6.1 and is prone to a supply-chain backdoor vulnerability. A flaw is present in the application, which fails to handle malicious code in the upstream tarballs of xz. Successful exploitation allows attackers to abuse any software linked against the modified liblzma library, intercepting and modifying the data interaction with this library.