Malicious Code Identified in XZ Tools and Libraries (CVE-2024-3094)

Summary

This article details vulnerability information for Forcepoint products pertaining to CVE-2024-3094.

Information

Published Date: April 4, 2024

Last Update: May 20, 2024
KBA Status: In Review
KBA Severity: Critical
CVE Number(s): CVE-2024-3094

KBA Summary

CVE-2024-3094 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-3094

As per RedHat's Statement, no versions of Red Hat Enterprise Linux (RHEL) are affected.

Under Investigation

Forcepoint Data Security (DLP)
- Forcepoint DLP Protector
- Forcepoint DLP Analytics Engine

Not Affected

Product Name	Version	Justification Code
SMC Appliances (SMCA)	All Supported Versions	Component_not_present
Forcepoint Appliances (Web, Email)	All Supported Versions	Component_not_present
Next Generation Firewall (NGFW)	All Supported Versions	Component_not_present

Justification Code Definitions:

Vulnerable_code_not_present: The vulnerable code was added in a later version of a component and is not present in the version shipped in the product.

Resolution

Hotfix and Other Fix Information

Under Investigation

Related Articles
Information Disclosure Vulnerabilities CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166
Summary This article details vulnerability information for Forcepoint products with CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166 Information Published Date: January 26, 2023 Last Update: May 28, 2024 KBA Status: Final Update KBA Severity: High ...
Forcepoint NGFW Security Management Center 6.10.x Resolved and Known Issues
Summary Resolved and known issues for Forcepoint NGFW Security Management Center (SMC) 6.10 releases. Problem This article is divided into two sections: Known Issues – Important information about known issues of high or medium rating that are ...
How to Locate Secure SD-WAN Engine and SMC License Details in the Forcepoint Customer Hub
Summary The article provides steps how to locate FlexEdge Secure SD-WAN (previously NGFW) license details via the Forcepoint Customer Hub. Notes and Warnings Note After April 11th 2022, newly purchased Secure SD-WAN and NGFW Appliances will be ...
Differences Between Stealth and Interactive DLP Endpoint Modes
Summary This article goes through the differences between stealth and interactive DLP Endpoint modes Problem What is the difference between the Stealth mode and Interactive mode when building a DLP Endpoint installation package? Solution The ...
NGFW Appliance Interface Compatibility Matrix
Summary This compatibility matrix article transceiver compatibility with the NGFW appliance on-board SFP+ and QSFP ports and interface modules, and interface module compatibility with NGFW appliances. Information On-board Interfaces The first table ...

Malicious Code Identified in XZ Tools and Libraries (CVE-2024-3094)

Malicious Code Identified in XZ Tools and Libraries (CVE-2024-3094)

KBA Summary

Resolution

Related Articles

Information Disclosure Vulnerabilities CVE-2022-21123, CVE-2022-21125 and CVE-2022-21166

Forcepoint NGFW Security Management Center 6.10.x Resolved and Known Issues

How to Locate Secure SD-WAN Engine and SMC License Details in the Forcepoint Customer Hub

Differences Between Stealth and Interactive DLP Endpoint Modes

NGFW Appliance Interface Compatibility Matrix