CVE-2024-13939

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-208
View all →

Vulnerability Description

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829

Related Vulnerabilities

CVE-2010-10006

HIGH
CVSS:7.5(High)

A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The ...

CWE-2082010

CVE-2013-10006

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of...

CWE-2082013

CVE-2021-42016

HIGH
CVSS:7.5(High)

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M...

CWE-2082021

CVE-2022-31142

HIGH
CVSS:7.5(High)

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attac...

CWE-2082022

CVE-2023-41097

HIGH
CVSS:7.5(High)

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0.

CWE-2082023

CVE-2023-50781

HIGH
CVSS:7.5(High)

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive dat...

CWE-2082023