Conclusions from CVE-2024-3094 (libxz disaster)
Thibaut
hacks at slashdirt.org
Sun Mar 31 10:29:16 PDT 2024
> Le 31 mars 2024 à 19:06, Thibaut <hacks at slashdirt.org> a écrit :
>> Le 31 mars 2024 à 18:46, Daniel Golle <daniel at makrotopia.org> a écrit :
>>
>> I've seen that, and by itself it does not present a security risk in
>> the context libarchive is intended to be used.
BTW in case that isn’t obvious, the deadliest exploits typically invovlve uses cases *outside* of the software intended use.
Just because you or I don’t see a security implication doesn’t mean there isn’t one :)
Cheers,
T
More information about the openwrt-devel
mailing list