Finite StateFinite State
Finite StateFinite State
Vulnerability Management

ldd/usr/sbin/sshd - Alpine vs. Ubuntu for exploitability of CVE-2024-3094

Hardening works. Ubuntu has liblzma that is vulnerable to CVE-2024-3094, Alpine not

Julius Davies

Julius Davies

March 31, 2024

Alpine

ldd /usr/sbin/sshd - Alpine

Ubuntu

ldd /usr/sbin/sshd - Ubuntu

Which feels safer to you?

Note: “ldd” is a linux command-line utility for listing all library dependencies of a program. In theory some versions of “ldd” can be unsafe to run against untrusted programs.

About the author: Julius Davis - MergeBase Co-founder & Advisor. Senior architect and developer with strong academic background and roots in the open-source community. Contributor to a number of important open-source projects.

Julius Davies

Julius Davies

Julius was the co-founder and CTO of MergeBase, where he led the development of the company’s advanced software composition analysis technology. A longtime contributor to the open source community, Julius brings deep technical expertise in secure software development.

Ready to Level Up Your Security Knowledge?

Join thousands of security professionals learning from the best in the industry

Start Learning TodayStart Learning Today
Finite StateFinite State

Finite State is the Product Security Automation Platform that functions as an autonomous Product Security OS: design → verify → prove, grounded in what you ship.

Platform

Platform Overview
Ground Truth Inventory
Exploitability-Based Prioritization
Design-Time Architecture Security
Automated Evidence-Backed Compliance

Solutions

Device Manufacturers
Automotive
Medical Devices
Energy & Utilities
Government
Industrial

Resources

Blog
Resource Library
Webinars & Videos
Events
Documentation

Company

About Us
CareersHIRING
Press & Media
Contact Sales
X

Privacy PolicyTerms of UseCustomer Terms and Conditions