String-Compare-ConstantTime-0.320

Security Advisories (1)

CVE-2024-13939 (2025-03-28)

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829

https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL

Changes for version 0.320 - 2018-04-22

Added Travis and Appveyor testing (thanks Paul Cochrane)
Use warnings pragmas (thanks Paul Cochrane)
Many documentation and meta-data fixes/updates (thanks Paul Cochrane)
Better test coverage for strings with/without utf8 flag (thanks Paul Cochrane)
Replace SvCUR with sv_len_utf8 to work around issue in debugging versions of perl (see https://github.com/hoytech/String-Compare-ConstantTime/issues/4) (thanks Paul Cochrane)

Modules

String::Compare::ConstantTime

Timing side-channel protected string compare

Other files

To install String::Compare::ConstantTime, copy and paste the appropriate command in to your terminal.

cpanm

cpanm String::Compare::ConstantTime

CPAN shell

perl -MCPAN -e shell
install String::Compare::ConstantTime

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.320 - 2018-04-22

Modules

Other files

Module Install Instructions