
14 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-0540

Malware in sbrugna...

5.3 CVSS · 5.5 AI score · 0.015 EPSS
Exploits 0 · References 6
BDU FSTEC
added 2024/06/04 12:0 a.m. · 5 views

The vulnerability of the secure_compare() function in the Mojolicious module allows a hacker to obtain the length of the secret string.

The vulnerability of the securecompare function in the Mojolicious module relates to manipulating an unknown input, which leads to a timing mismatch vulnerability. Exploiting this vulnerability could allow a remote attacker to obtain the length of the secret string...

7.8 CVSS · 7.1 AI score · 0.00507 EPSS
Exploits 0 · References 5 · Affected Software 3
Redos
added 2024/06/03 12:0 a.m. · 16 views

ROS-20240603-02

A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the securecompare function of the...

7.5 CVSS · 6.3 AI score · 0.00549 EPSS
Exploits 1
OSV
added 2024/04/08 12:15 a.m. · 9 views

AZL-45018 CVE-2020-36829 affecting package perl-Mojolicious 8.57-3

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5 CVSS · 5.8 AI score · 0.00507 EPSS
Exploits 0 · References 1
OSV
added 2024/04/08 12:15 a.m. · 2 views

UBUNTU-CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5 CVSS · 5.8 AI score · 0.00507 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/04/07 12:0 a.m. · 6 views

PT-2024-3925 · Unknown +2 · Mojolicious +2

Name of the Vulnerable Software and Affected Versions: Mojolicious module versions 1.74 through 8.64. Description: The issue is related to a timing attack vulnerability in the secure compare function of the Mojolicious module for Perl. This vulnerability allows an attacker to manipulate unknown...

7.8 CVSS · 7.5 AI score · 0.00549 EPSS
Exploits 1 · References 25
OSV
added 2019/06/03 5:28 p.m. · 14 views

GHSA-H9X2-5RM7-X4GM Insecure Comparison in secure-compare

Versions of secure-compare prior to 3.0.1 are affected by a vulnerability that results in the package always returning true when comparing two strings of the same length, despite differences in the contents of those strings. Recommendation: Upgrade to version 3.0.1 or later...

5.3 CVSS · 5.1 AI score · 0.015 EPSS
Exploits 0 · References 4
Github Security Blog
added 2019/06/03 5:28 p.m. · 22 views

Insecure Comparison in secure-compare

Versions of secure-compare prior to 3.0.1 are affected by a vulnerability that results in the package always returning true when comparing two strings of the same length, despite differences in the contents of those strings. Recommendation: Upgrade to version 3.0.1 or later...

5.3 CVSS · 5.4 AI score · 0.015 EPSS
Exploits 0 · References 5 · Affected Software 1
NVD
added 2018/05/31 8:29 p.m. · 14 views

CVE-2015-9238

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length...

5.3 CVSS · 5.4 AI score · 0.015 EPSS
Exploits 0 · References 2
Prion
added 2018/05/31 8:29 p.m. · 11 views

Design/Logic Flaw

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length...

5 CVSS · 7.1 AI score · 0.015 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2018/05/31 8:0 p.m. · 13 views

CVE-2015-9238

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length...

5.3 AI score · 0.015 EPSS
Exploits 0 · References 2
CVE
added 2018/05/31 8:0 p.m. · 50 views

CVE-2015-9238

The CVE-2015-9238 issue affects the secure-compare package (Node ecosystem). Versions prior to 3.0.1 incorrectly compare two strings: the check compares the first argument with itself, allowing any two strings of the same length to pass. Affected component: secure-compare (npm/Node.js environment...

5.3 CVSS · 5.3 AI score · 0.015 EPSS
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2017/09/01 1:29 p.m. · 3 views

CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation...

9.8 CVSS · 5.7 AI score · 0.02133 EPSS
Exploits 0 · References 5
Node.js
added 2015/10/24 6:9 p.m. · 24 views

Insecure Comparison

Overview: Versions of secure-compare prior to 3.0.1 are affected by a vulnerability that results in the package always returning true when comparing two strings of the same length, despite differences in the contents of those strings. Recommendation: Upgrade to version 3.0.1 or later. References - ...

5 CVSS · 4.8 AI score · 0.015 EPSS
Exploits 0 · Affected Software 1