## https://sploitus.com/exploit?id=A8A7D9C6-3761-5290-9337-57AF4203DAC4
# CVE-2024-3094-Vulnerabity-Checker
Verify that your XZ Utils version is not vulnerable to CVE-2024-3094
```
βββ(lypd0γΏkali)-[~]
ββ$ ./CVE-2024-3094_checker.sh
___ _ _ ____ ___ ___ ___ __ ___ ___ ___ __
/ __)( \/ )( ___)___(__ \ / _ \(__ \ /. | ___(__ ) / _ \ / _ \ /. |
( (__ \ / )__)(___)/ _/( (_) )/ _/(_ _)(___)(_ \( (_) )\_ /(_ _)
\___) \/ (____) (____)\___/(____) (_) (___/ \___/ (_/ (_)
[*] You are NOT vulnerable to CVE-2024-3094.
```
## Background
CISA (Cybersecurity and Infrastructure Security Agency) and the open-source community have responded to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity has been assigned CVE-2024-3094.
XZ Utils is data compression software commonly present in Linux distributions. The presence of malicious code in these versions may allow unauthorized access to affected systems.
## Recommendation
CISA recommends developers and users to take the following actions if their systems are found to be vulnerable:
- **Downgrade XZ Utils**: If you are using version 5.6.0 or 5.6.1, downgrade to an uncompromised version, such as XZ Utils 5.4.6 Stable.
- **Hunt for Malicious Activity**: After downgrading, thoroughly search for any signs of malicious activity within your systems.
- **Report Findings**: If you detect any malicious activity or suspicious behavior, report your findings to CISA for further investigation.