VYPR
Unrated severity · NVD Advisory · Published Nov 21, 2019 · Updated Aug 6, 2024

CVE-2012-4524


Description

xlockmore before 5.43 'dclock' security bypass vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • xlockmore/xlockmore (llm-fuzzy): 2 versions, <5.43 + 1 more
    • (no CPE) range: <5.43
    • (no CPE) range: < 5.43

Patches

Vulnerability mechanics

Root cause

"The 'dclock' mode in xlockmore incorrectly handles time values on 32-bit systems with 64-bit time_t."

Attack vector

An attacker with local access to a vulnerable system can exploit this vulnerability by manipulating time-related inputs or system time. The vulnerability lies in how the 'dclock' mode processes time values, specifically when dealing with the year calculation. This can lead to unexpected behavior or bypass security checks within the 'dclock' mode.

Affected code

The vulnerability is located in the 'modes/dclock.c' file. Specifically, the functions 'timeAtLastNewYear' and 'dayhrminsec' were affected. The patch modifies these functions to use 'time_t' instead of 'long' for time-related parameters.

What the fix does

The patch modifies the 'dclock.c' file to correctly handle time values by changing the type of the time parameters from 'long' to 'time_t'. This ensures that time is processed using the appropriate data type, preventing potential overflows or misinterpretations that could lead to a security bypass. The change is applied to functions like 'timeAtLastNewYear' and 'dayhrminsec' to ensure consistent and correct time handling.
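The `long` versus `time_t` width mismatch described above, as an added illustration that is not xlockmore's code: the helper names are hypothetical, and fixed-width types stand in for the assumed 32-bit `long` and 64-bit `time_t` so the result is the same on any host. It shows how the same time value breaks down into days, hours, minutes and seconds when it passes through each parameter type.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ABI from the advisory: `long` is 32 bits, `time_t` is 64 bits.
 * Fixed-width stand-ins make the behaviour reproducible on any host. */
typedef int32_t long32;   /* models `long` on the affected systems */
typedef int64_t time64;   /* models `time_t` on the affected systems */

struct dhms { int64_t days; int hours, mins, secs; };

/* Hypothetical helper in the pre-fix shape: time parameter typed as `long`. */
static struct dhms split_long(long32 t)
{
    struct dhms r = { t / 86400, (int)(t % 86400 / 3600),
                      (int)(t % 3600 / 60), (int)(t % 60) };
    return r;
}

/* Same helper in the post-fix shape: parameter typed as `time_t`. */
static struct dhms split_time_t(time64 t)
{
    struct dhms r = { t / 86400, (int)(t % 86400 / 3600),
                      (int)(t % 3600 / 60), (int)(t % 60) };
    return r;
}

/* What a 64-bit time value becomes when squeezed through a 32-bit `long`:
 * only the low 32 bits survive (memcpy keeps the narrowing well defined). */
static long32 narrow_to_long(time64 t)
{
    uint32_t low = (uint32_t)(uint64_t)t;
    long32 out;
    memcpy(&out, &low, sizeof out);
    return out;
}

int main(void)
{
    /* Constructed inputs: one that fits in 32 bits, two that do not. */
    const time64 samples[] = { 1000000000LL, 2147483648LL, 4294967301LL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dhms n = split_long(narrow_to_long(samples[i]));
        struct dhms w = split_time_t(samples[i]);
        printf("%lld: long -> %lldd %dh %dm %ds | time_t -> %lldd %dh %dm %ds\n",
               (long long)samples[i], (long long)n.days, n.hours, n.mins, n.secs,
               (long long)w.days, w.hours, w.mins, w.secs);
    }
    return 0;
}
```

Compiling code of this shape with `-Wconversion` on a target where `long` is narrower than `time_t` reports the implicit narrowing at build time.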

Preconditions

  • config: The system must be a 32-bit machine with a 64-bit time_t.
  • config: The xlockmore version must be prior to 5.43.

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10
