CVE-2021-34557 — Classic Buffer Overflow in Xscreensaver
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 79.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 10
Latest updateMay 24
Description
XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 0.9 | Impact: 3.6
Affected Packages3 packages
Also affects: Fedora 33