cve-2024-3094
Safeguard articles tagged "cve-2024-3094" — guides, analysis, and best practices for software supply chain and application security.
14 articles
Anatomy of the XZ Utils backdoor: how CVE-2024-3094 nearly compromised SSH on every major Linux distro
A CVSS 10.0 backdoor sat in xz 5.6.0 and 5.6.1 for weeks, hidden in a test file, until 0.5 seconds of extra SSH login latency gave it away.
The XZ Utils backdoor CVE-2024-3094 explained
CVE-2024-3094 hid a remote-access backdoor inside xz-utils via a years-long social engineering campaign. Here's the timeline, impact, and fix.
Lessons from the XZ Utils Backdoor: A Three-Year Social Engineering Heist
CVE-2024-3094 was a backdoor patiently planted in XZ Utils over years of social engineering, caught by an engineer chasing half a second of SSH latency. Here is the full story.
The XZ backdoor CVE-2024-3094 deep dive
A technical deep dive into CVE-2024-3094, the XZ Utils/liblzma SSH backdoor: affected versions, severity context, full timeline, and remediation steps.
XZ Utils Backdoor: One Year Retrospective
A year after the XZ Utils backdoor was caught by Andres Freund at Microsoft, what did we fix, what did we ignore, and what still gets packaged into Linux distros?
The XZ Utils Backdoor Explained
A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.
XZ Utils backdoor discovery (CVE-2024-3094)
A deep dive into CVE-2024-3094, the XZ Utils backdoor: affected versions, CVSS/EPSS context, full attack timeline, and remediation steps.
The XZ Utils backdoor: anatomy of a supply chain attack
A two-year maintainer-trust takeover placed a pre-auth SSH backdoor inside xz-utils. Heres how CVE-2024-3094 was built, hidden, and caught in time.
Insider Threats in Open Source Projects: Lessons from XZ Utils
The XZ Utils backdoor was a three-year social engineering operation, not a coding mistake. What the timeline shows about maintainer trust, and what you can actually monitor.
The XZ Utils Incident as a Case Study in Maintainer Trust...
CVE-2024-3094 shows how a patient social-engineering campaign turned trusted open source maintainership into a near-catastrophic SSH backdoor.
The XZ Utils Backdoor: A Timeline and Technical Post-Mortem
A technical post-mortem of CVE-2024-3094, the XZ Utils backdoor: how a trusted maintainer identity was used to plant a supply chain backdoor in sshd.
XZ Utils Backdoor: Technical Breakdown
The xz-utils backdoor (CVE-2024-3094) nearly compromised SSH on every modern Linux distro. Here is how the implant worked and what it teaches us.