Lucene search

PRIOn knowledge basePRION:CVE-2021-34557

HistoryJun 10, 2021 - 4:15 p.m.

Buffer overflow

2021-06-1016:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.

CPENameOperatorVersion
fedoraeq33
xscreensavereq5.45

CPE	Name	Operator	Version
	fedora	eq	33
	xscreensaver	eq	5.45

References

www.openwall.com/lists/oss-security/2021/06/11/1

www.openwall.com/lists/oss-security/2021/07/06/2

github.com/QubesOS/qubes-issues/issues/6595

github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt

github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch

lists.fedoraproject.org/archives/list/[email protected]/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/

www.openwall.com/lists/oss-security/2021/06/05/1