Home > Vulnerability Database > CVE-2024-13939

Mend.io Vulnerability Database

CVE-2024-13939

Date: March 27, 2025

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829

Severity Score

7.5

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-13939

Url: https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL

Url: https://www.mend.io/vulnerability-database/CVE-2024-13939

Severity Score

7.5

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Observable Timing Discrepancy

CWE-208

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-13939

Date: March 27, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?