Mastodawn

danielleaminov Apr 2, 2024

Check out our blogpost for more information 💫
https://www.wiz.io/blog/cve-2024-3094-critical-rce-vulnerability-found-in-xz-utils

CVE-2024-3094: Critical RCE Vulnerability Found in XZ Utils | Wiz Blog

CVE-2024-3094 is a malicious code vulnerability in versions 5.6.0 and 5.6.1 of XZ Utils, enabling an SSH authentication bypass in certain Linux distributions

wiz.io

danielleaminov Apr 2, 2024

I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.
I'll update it as new information comes to light ✨