String-Compare-ConstantTime-0.321

Security Advisories (1)

CVE-2024-13939 (2025-03-28)

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829

https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL

Changes for version 0.321 - 2019-06-17

Remove unnecessary sv_len_utf8 calls (thanks David Golden)
Test and document mixed UTF-8 flag comparison (thanks David Golden)

Modules

String::Compare::ConstantTime

Timing side-channel protected string compare

Other files

To install String::Compare::ConstantTime, copy and paste the appropriate command in to your terminal.

cpanm

cpanm String::Compare::ConstantTime

CPAN shell

perl -MCPAN -e shell
install String::Compare::ConstantTime

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.321 - 2019-06-17

Modules

Other files

Module Install Instructions