First published: Wed Feb 15 2017
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
slock | <=1.3 | |
Red Hat Fedora | =24 | |
Red Hat Fedora | =25 | |
The severity of CVE-2016-6866 is considered to be high due to the potential for unauthorized access.
CVE-2016-6866 allows an attacker to bypass the lock through invalid password hashes that lead to a NULL pointer dereference.
CVE-2016-6866 affects slock versions up to and including 1.3.
To mitigate the risk of CVE-2016-6866, it is recommended to upgrade to a patched version of slock.
CVE-2016-6866 has been reported to affect Fedora versions 24 and 25.