CVE-2024-13939

Published: Mar 28, 2025

Modified: Mar 28, 2025

PUBLISHED

Description

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829

Vendor	Product	Versions
FRACTAL	String::Compare::ConstantTime	affected `0 - <= 0.321`

Weaknesses (CWE)

CWE-208

References

https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13939

Description

Affected Products

Weaknesses (CWE)

References