Injected Malicious Code

🗓️ 01 Apr 2024 21:18:10Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 37 Views

XZ vulnerability to injected malicious code discovered in version 5.6.0 with obfuscated object file extractio

Reporter	Title	Published	Views	Family All 93
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	5 Jul 202412:02	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	2 Apr 202401:56	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	1 Apr 202402:25	–	githubexploit
GithubExploit	WireDown	28 May 202616:24	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	4 Apr 202406:40	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	11 Jun 202414:19	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	3 Apr 202410:50	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	30 Mar 202420:05	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	19 Jun 202513:31	–	githubexploit
GithubExploit	Exploit for Embedded Malicious Code in Tukaani Xz	29 Mar 202423:20	–	githubexploit

Vulners

Node

xz_project xzMatch5.2.4-r0os

AND

xz_project xzMatch5.2.5-r0os

AND

xz_project xzMatch5.2.6-r1os

AND

xz_project xzMatch5.4.3-r1os

AND

xz_project xzMatch5.2.6-r0os

AND

xz_project xzMatch5.4.1-r0os

AND

xz_project xzMatch5.2.8-r0os

AND

xz_project xzMatch5.4.3-r0os

AND

xz_project xzMatch5.2.5-r1os

AND

xz_project xzMatch5.4.2-r1os

AND

xz_project xzMatch5.4.5-r0os

AND

xz_project xzMatch5.4.0-r0os

AND

xz_project xzMatch5.4.2-r0os

AND

xz_project xzMatch5.6.1-r1os

AND

xz_project xzMatch5.4.4-r0os

AND

xz_project xzMatch5.2.7-r0os

AND

xz_project xzMatch5.4.6-r0os

AND

xz_project xzMatch5.2.9-r0os

AND

alpinelinux alpine_linuxMatchedge

xz-utils xz-utilsMatch5.2.4-1+b1debian

AND

debian debian_linuxMatch999

lighttpd lighttpdMatch1.4.64-r0os

AND

lighttpd lighttpdMatch1.4.73-r0os

AND

alpinelinux alpine_linuxMatch3.16

lighttpd lighttpdMatch1.4.59-r2os

AND

lighttpd lighttpdMatch1.4.61-r1os

AND

lighttpd lighttpdMatch1.4.64-r0os

AND

lighttpd lighttpdMatch1.4.73-r0os

AND

alpinelinux alpine_linuxMatch3.15

lighttpd lighttpdMatch1.4.71-r0os

AND

lighttpd lighttpdMatch1.4.70-r0os

AND

lighttpd lighttpdMatch1.4.69-r2os

AND

lighttpd lighttpdMatch1.4.73-r0os

AND

lighttpd lighttpdMatch1.4.69-r1os

AND

alpinelinux alpine_linuxMatch3.18

lighttpd lighttpdMatch1.4.67-r0os

AND

lighttpd lighttpdMatch1.4.73-r0os

AND

alpinelinux alpine_linuxMatch3.17

Source	Link
boehs	www.boehs.org/node/everything-i-know-about-the-xz-backdoor
github	www.github.com/JiaT75/STest/issues/11
secdb	www.secdb.alpinelinux.org/edge/main.yaml
access	www.access.redhat.com/security/cve/CVE-2024-3094
ariadne	www.ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger-problem/
arstechnica	www.arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/
aws	www.aws.amazon.com/security/security-bulletins/AWS-2024-002/
blog	www.blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz
bugs	www.bugs.debian.org/cgi-bin/bugreport.cgi
bugs	www.bugs.gentoo.org/928134

06 Feb 2025 12:16Current

7.1High risk

Vulners AI Score7.1

CVSS 3.110

EPSS0.85058

SSVC