ID CVE-2016-6866
Summary slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
References
Vulnerable Configurations
  • cpe:2.3:a:suckless:slock:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:suckless:slock:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suckless:slock:1.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-02-2017 - 17:43)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 92546
confirm http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29
fedora
  • FEDORA-2016-1b7e66c08b
  • FEDORA-2016-985b68721b
misc http://s1m0n.dft-labs.eu/files/slock/slock.txt
mlist
  • [oss-security] 20160818 CVE request - slock, all versions NULL pointer dereference
  • [oss-security] 20160818 Re: CVE request - slock, all versions NULL pointer dereference
Last major update 17-02-2017 - 17:43
Published 15-02-2017 - 19:59
Last modified 17-02-2017 - 17:43