CVE-2021-34557

XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
xscreensaver_projectxscreensaver
5.45
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xscreensaver
bookworm
6.06+dfsg1-3+deb12u1
fixed
bullseye
5.45+dfsg1-2
fixed
buster
no-dsa
sid
6.08+dfsg1-1
fixed
stretch
postponed
trixie
6.08+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xscreensaver
bionic
needs-triage
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
xscreensaver
suse enterprise desktop 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise sap 12 SP5
5.22-8.3.1
fixed
suse enterprise sap 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise server 12 SP3
5.22-8.3.1
fixed
suse enterprise server 12 SP5
5.22-8.3.1
fixed
suse enterprise server 15 SP3
5.44-150000.5.6.1
fixed
xscreensaver-data
suse enterprise desktop 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise sap 12 SP5
5.22-8.3.1
fixed
suse enterprise sap 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise server 12 SP3
5.22-8.3.1
fixed
suse enterprise server 12 SP5
5.22-8.3.1
fixed
suse enterprise server 15 SP3
5.44-150000.5.6.1
fixed
xscreensaver-lang
suse enterprise desktop 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise sap 15 SP3
5.44-150000.5.6.1
fixed
suse enterprise server 15 SP3
5.44-150000.5.6.1
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/06/11/1
http://www.openwall.com/lists/oss-security/2021/07/06/2
https://github.com/QubesOS/qubes-issues/issues/6595
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/
https://www.openwall.com/lists/oss-security/2021/06/05/1
http://www.openwall.com/lists/oss-security/2021/06/11/1
http://www.openwall.com/lists/oss-security/2021/07/06/2
https://github.com/QubesOS/qubes-issues/issues/6595
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-068-2021.txt
https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TC4QB7TRS4GS7LDXQQ4PC6J3LVFJYISV/
https://www.openwall.com/lists/oss-security/2021/06/05/1