{"id":"CVE-2024-13939","summary":"String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string","details":"String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.\n\nAs stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"\n\nThis is similar to CVE-2020-36829","modified":"2026-05-18T05:56:00.971251688Z","published":"2025-03-28T02:05:01.416Z","database_specific":{"cwe_ids":["CWE-208"],"cna_assigner":"CPANSec","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13939.json"},"references":[{"type":"WEB","url":"https://cpan.org/modules"},{"type":"WEB","url":"https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13939.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-13939"},{"type":"PACKAGE","url":"https://github.com/hoytech/String-Compare-ConstantTime"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hoytech/string-compare-constanttime","events":[{"introduced":"0"},{"last_affected":"51d7d7832bc45523fb97447d137a54d5b2fe949e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.321"}],"source":"AFFECTED_FIELD"}}],"versions":["String-Compare-ConstantTime-0.321","String-Compare-ConstantTime-0.320","String-Compare-ConstantTime-0.312","String-Compare-ConstantTime-0.311","String-Compare-ConstantTime-0.310","String-Compare-ConstantTime-0.300","String-Compare-ConstantTime-0.20"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13939.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}