slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suckless | slock | 0.9 |

slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suckless | slock | * |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |