Lucene search
K

24 matches found

GithubExploit
GithubExploit
added 2026/06/13 4:2 p.m.84 views

Exploit for Embedded Malicious Code in Tukaani Xz

XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...

10CVSS8.7AI score0.85974EPSS
Exploits40
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.7 views

EulerOS Virtualization 2.13.0 : xz (EulerOS-SA-2026-2422)

According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was us...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)

According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...

6.3CVSS5.8AI score0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.16 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : XZ Utils vulnerability (USN-8362-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8362-1 advisory. It was discovered that XZ Utils did not properly manage memory when attempting to append data ...

6.3CVSS6AI score0.00351EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 9:17 a.m.10 views

USN-8362-1 xz-utils vulnerability

It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code...

6.3CVSS6AI score0.00351EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2026/06/01 12:39 p.m.15 views

Advisory ROSA-SA-2026-3313

Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...

6.3CVSS6AI score0.00351EPSS
Exploits0
OSV
OSV
added 2026/05/07 3:3 p.m.8 views

JLSEC-2026-462

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS6AI score0.00351EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/03 1:33 p.m.4 views

CVE-2026-34743

A flaw was found in XZ Utils. When the lzmaindexdecoder function processes an empty index, and a subsequent lzmaindexappend operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service DoS for affected systems...

6.3CVSS6AI score0.00351EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/02 6:36 p.m.3 views

EUVD-2026-18505

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...

6.3CVSS6AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29689

Name of the Vulnerable Software and Affected Versions XZ Utils versions prior to 5.8.3 Description XZ Utils, a data-compression library and command-line tools, had a flaw where the lzma index decoder function, when processing an Index without Records, could leave the lzma index in a state leading...

9.8CVSS6.2AI score0.00781EPSS
Exploits0References122
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: xz (TSSA-2025:0279)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.7CVSS6.6AI score0.00642EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.5 views

xz security update

An update is available for xz. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list XZ Utils is an integrated collection of user-space file compression utilities bas...

8.7CVSS7.5AI score0.00642EPSS
Exploits0
OSV
OSV
added 2025/10/03 7:56 p.m.6 views

RLSA-2025:7524 Important: xz security update

XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm LZMA, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fixes: xz: XZ has a...

7.5CVSS7.5AI score0.00642EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/08/12 6:17 p.m.5 views

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection furthe...

10CVSS8.1AI score0.85974EPSS
Exploits40
OSV
OSV
added 2025/04/03 5:36 p.m.3 views

USN-7414-1 xz-utils vulnerability

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code...

8.7CVSS7.3AI score0.00642EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 5:15 p.m.7 views

AZL-59497 CVE-2025-31115 affecting package xz for versions less than 5.4.4-2

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 5:15 p.m.2 views

ALPINE-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS6.9AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 5:15 p.m.2 views

DEBIAN-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7.5AI score0.00642EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 3:0 p.m.2 views

UBUNTU-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7AI score0.00642EPSS
Exploits0References3
Snyk
Snyk
added 2025/04/02 9:0 p.m.3 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the workerdecoder function in streamdecodermt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...

8.7CVSS7.7AI score0.00642EPSS
Exploits0References2
Rows per page
Query Builder