CVE-2021-34557

More information about this CVE will likely be available in a few days.

Description

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.

Related CPE's

Could not find any relations

References

https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch

https://github.com/QubesOS/qubes-issues/issues/6595

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt

https://www.openwall.com/lists/oss-security/2021/06/05/1

[oss-security] 20210611 Re: XScreenSaver 5.45: Disconnecting a video output can cause XScreenSaver to crash and unlock

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io