Vulnerability Details CVE-2021-34557
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.4%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 2.1
References
- http://www.openwall.com/lists/oss-security/2021/06/11/1
- http://www.openwall.com/lists/oss-security/2021/07/06/2
- https://github.com/QubesOS/qubes-issues/issues/6595
- https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
- https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/
- https://www.openwall.com/lists/oss-security/2021/06/05/1
- http://www.openwall.com/lists/oss-security/2021/06/11/1
- http://www.openwall.com/lists/oss-security/2021/07/06/2
- https://github.com/QubesOS/qubes-issues/issues/6595
- https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
- https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/
- https://www.openwall.com/lists/oss-security/2021/06/05/1
Products affected by CVE-2021-34557
-
cpe:2.3:a:xscreensaver_project:xscreensaver:5.45
-
cpe:2.3:o:fedoraproject:fedora:33