CVE-2021-34557
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
XScreenSaver versión 5.45 puede ser omitido si la máquina tiene más de diez salidas de vídeo desconectables. Un desbordamiento de búfer en la función update_screen_layout() permite a un atacante omitir el mecanismo de autenticación de bloqueo de pantalla estándar, al bloquear a XScreenSaver. El atacante debe desconectar físicamente muchas salidas de vídeo
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-06-10 CVE Reserved
- 2021-06-10 CVE Published
- 2024-02-24 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/06/11/1 | Mailing List |
|
| https://github.com/QubesOS/qubes-issues/issues/6595 | Issue Tracking |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/07/06/2 | 2024-08-04 | |
| https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt | 2024-08-04 | |
| https://www.openwall.com/lists/oss-security/2021/06/05/1 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xscreensaver Project Search vendor "Xscreensaver Project" | Xscreensaver Search vendor "Xscreensaver Project" for product "Xscreensaver" | 5.45 Search vendor "Xscreensaver Project" for product "Xscreensaver" and version "5.45" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||