CVE-2021-34557

https://notcve.org/view.php?id=CVE-2021-34557

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs. XScreenSaver versión 5.45 puede ser omitido si la máquina tiene más de diez salidas de vídeo desconectables. Un desbordamiento de búfer en la función update_screen_layout() permite a un atacante omitir el mecanismo de autenticación de bloqueo de pantalla estándar, al bloquear a XScreenSaver. • http://www.openwall.com/lists/oss-security/2021/06/11/1 http://www.openwall.com/lists/oss-security/2021/07/06/2 https://github.com/QubesOS/qubes-issues/issues/6595 https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV https://www.openwall.com/lists/o • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •