EUVD-2025-8542

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

String::Compare::ConstantTime in Perl is vulnerable to timing attacks revealing string lengths

Reporter	Title	Published	Views	Family All 22
Circl	CVE-2024-13939	28 Mar 202502:28	–	circl
CNNVD	MetaCPAN String::Compare::ConstantTime 安全漏洞	28 Mar 202500:00	–	cnnvd
CVE	CVE-2024-13939	28 Mar 202502:05	–	cve
Cvelist	CVE-2024-13939 String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string	28 Mar 202502:05	–	cvelist
Debian CVE	CVE-2024-13939	28 Mar 202502:05	–	debiancve
Fedora	[SECURITY] Fedora 42 Update: perl-String-Compare-ConstantTime-0.321-22.fc42	17 Apr 202519:03	–	fedora
Fedora	[SECURITY] Fedora 41 Update: perl-String-Compare-ConstantTime-0.321-21.fc41	17 Apr 202519:49	–	fedora
Fedora	[SECURITY] Fedora 40 Update: perl-String-Compare-ConstantTime-0.321-19.fc40	17 Apr 202519:34	–	fedora
Tenable Nessus	Fedora 41 : perl-String-Compare-ConstantTime (2025-5d61874568)	17 Apr 202500:00	–	nessus
Tenable Nessus	Fedora 42 : perl-String-Compare-ConstantTime (2025-ce51c124a5)	27 Jun 202500:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "1b8c080b-eb59-3d1e-af66-bceabe149688",
        "vendor": {
          "name": "FRACTAL"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "911a91da-1d6a-3adb-b98f-d18736b22e5c",
        "product": {
          "name": "String::Compare::ConstantTime"
        },
        "product_version": "0 ≤0.321"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-13939
metacpan	www.metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm

03 Oct 2025 20:07Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00218

SSVC