CVE-2024-13939 String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

PT-2025-13421 · Unknown +1 · String::Compare::Constanttime +1

Name of the Vulnerable Software and Affected Versions: String::Compare::ConstantTime versions prior to 0.322 Description: The issue allows an attacker to guess the length of a secret string through timing attacks. According to the documentation, if the lengths of the strings are different, the si...

MetaCPAN String::Compare::ConstantTime 安全漏洞

MetaCPAN String::Compare::ConstantTime is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN String::Compare::ConstantTime version 0.321 and earlier, which stems from a timing attack that could disclose the length of a secret string...

Draytek多款产品 安全漏洞

DrayTek Vigor 2620 and DrayTek Vigor 2860 are both routers from China Draytek DrayTek. A security vulnerability exists in several Draytek products that stems from the use of insecure strcmp and memcmp functions, which could lead to the disclosure of sensitive information. The following products a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing null pointers in strcmp...

ALPINE-CVE-2024-23771

darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...

kernel: wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Fix global-out-of-bounds bug in rtl8812aephysettxpowerlimit There is a global-out-of-bounds reported by KASAN: BUG: KASAN: global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Read of size 1 at addr...

CLSA-2023-1698949696 httpd: Fix of CVE-2023-31122

CVE-2023-31122: modmacro: Fix out-of-bounds read vulnerability by using own strncmp function...

CLSA-2023-1698948956 httpd: Fix of CVE-2023-31122

CVE-2023-31122: modmacro: fix out-of-bounds read vulnerability by using own strncmp function...

Virtuoso Open-Source Edition SQL注入漏洞

Virtuoso Open-Source Edition is a high-performance and scalable multi-model RDBMS, data integration middleware, linked data deployment, and HTTP application server platform from OpenLink Software open source. A security vulnerability exists in Virtuoso Open-Source Edition version v7.2.9, which...

httpd: Out-of-bounds read in ap_strcmp_match()

An out-of-bounds read vulnerability was found in httpd. A very large input to the apstrcmpmatch function can lead to an integer overflow and result in an out-of-bounds read...

OSV-2022-1142 Heap-buffer-overflow in onigenc_unicode_mbc_case_fold

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53030 Crash type: Heap-buffer-overflow READ 1 Crash state: onigencunicodembccasefold mbccasefold stringcmpic...

PT-2022-36744 · Git +1 · Oniguruma

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which was identified through an OSS-Fuzz report. The crash state involves several functions, includi...

mariadb: use-after-poison in my_strcasecmp_8bit() of ctype-simple.c

A flaw was found in the MariaDB Server. A use-after-free in the component, mystrcasecmp8bit, can be exploited via specially crafted SQL statements, impacting availability...

Denial Of Service (DoS)

modhttp2 is vulnerable to denial of service DoS. The vulnerability exists through a read-after-free on a string compare...

May 28, 2019—KB4499162 (OS Build 15063.1839)

May 28, 2019—KB4499162 OS Build 15063.1839 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...

YARA 'specialized_string_cmp' Denial of Service Vulnerability

YARA is a set of tools used to help software researchers identify and categorize malware samples. A denial-of-service vulnerability exists in the 'sizedstringcmp' parameter of the YARA libyara/sizedstr.c file, which can be exploited by a remote attacker to submit a special request and cause a...

DEBIAN-CVE-2017-8929

The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...

UBUNTU-CVE-2017-8929

The sizedstringcmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule...