Conclusions from CVE-2024-3094 (libxz disaster)

Thibaut hacks at slashdirt.org
Sun Mar 31 10:29:16 PDT 2024


> Le 31 mars 2024 à 19:06, Thibaut <hacks at slashdirt.org> a écrit :
>> Le 31 mars 2024 à 18:46, Daniel Golle <daniel at makrotopia.org> a écrit :
>> 
>> I've seen that, and by itself it does not present a security risk in
>> the context libarchive is intended to be used.

BTW in case that isn’t obvious, the deadliest exploits typically invovlve uses cases *outside* of the software intended use.

Just because you or I don’t see a security implication doesn’t mean there isn’t one :)

Cheers,
T


More information about the openwrt-adm mailing list