Verify that your XZ Utils version is not vulnerable to CVE-2024-3094

License

Notifications You must be signed in to change notification settings

lypd0/CVE-2024-3094-Vulnerabity-Checker

CVE-2024-3094-Vulnerabity-Checker

Verify that your XZ Utils version is not vulnerable to CVE-2024-3094

┌──(lypd0㉿kali)-[~]
└─$ ./CVE-2024-3094_checker.sh
  ___  _  _  ____     ___   ___  ___   __       ___   ___   ___   __  
 / __)( \/ )( ___)___(__ \ / _ \(__ \ /. |  ___(__ ) / _ \ / _ \ /. |    
( (__  \  /  )__)(___)/ _/( (_) )/ _/(_  _)(___)(_ \( (_) )\_  /(_  _)
 \___)  \/  (____)   (____)\___/(____) (_)     (___/ \___/  (_/   (_)

 [*] You are NOT vulnerable to CVE-2024-3094.

Background

CISA (Cybersecurity and Infrastructure Security Agency) and the open-source community have responded to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity has been assigned CVE-2024-3094.

XZ Utils is data compression software commonly present in Linux distributions. The presence of malicious code in these versions may allow unauthorized access to affected systems.
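A minimal version check in POSIX shell, added here as an illustration; it is not the repository's CVE-2024-3094_checker.sh, whose contents are not shown on this page. The function names are hypothetical and the sample output is constructed; it flags only the two versions named above, 5.6.0 and 5.6.1.

```shell
#!/bin/sh
# Added example (not the repository's script): classify `xz --version` output
# against the XZ Utils versions named in the advisory text, 5.6.0 and 5.6.1.

# classify_xz_output TEXT
# Inspects both the "xz (XZ Utils) X.Y.Z" line and the "liblzma X.Y.Z" line,
# because the binary and the library it loads can come from different builds.
# Prints: affected | not_affected | unknown
classify_xz_output() {
    versions=$(printf '%s\n' "$1" |
        awk '/^xz \(XZ Utils\) /{print $4} /^liblzma /{print $2}')
    # No recognisable version line: report unknown rather than "safe".
    [ -n "$versions" ] || { echo unknown; return 0; }
    for v in $versions; do
        case "$v" in
            5.6.0|5.6.1) echo affected; return 0 ;;
        esac
    done
    echo not_affected
}

# check_local_xz
# Exit status: 0 = not affected, 1 = affected or unparseable, 2 = xz not found.
check_local_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not found in PATH" >&2
        return 2
    fi
    result=$(classify_xz_output "$(xz --version 2>/dev/null)")
    echo "local xz: $result"
    [ "$result" = "not_affected" ]
}

# Constructed sample: xz binary from a clean build, liblzma from an affected one.
SAMPLE_MIXED='xz (XZ Utils) 5.4.6
liblzma 5.6.1'
echo "constructed sample: $(classify_xz_output "$SAMPLE_MIXED")"

# Check the machine this runs on; a non-zero status means follow-up is needed.
check_local_xz || echo "review needed (status $?)" >&2
```

`xz --version` only reports the liblzma that the `xz` binary itself loads, so also confirm the installed liblzma package version with your distribution's package manager.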

Recommendation

CISA recommends that developers and users take the following actions if their systems are found to be vulnerable:

  • Downgrade XZ Utils: If you are using version 5.6.0 or 5.6.1, downgrade to an uncompromised version, such as XZ Utils 5.4.6 Stable.

  • Hunt for Malicious Activity: After downgrading, thoroughly search for any signs of malicious activity within your systems.

  • Report Findings: If you detect any malicious activity or suspicious behavior, report your findings to CISA for further investigation.
