[SECURITY] Fedora 42 Update: perl-String-Compare-ConstantTime-0.321-22.fc42

April 19, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title	[SECURITY] Fedora 42 Update: perl-String-Compare-ConstantTime-0.321-22.fc42
Type	fedora
Published	2025-04-17T19:03:23
Last Seen	2025-04-18T00:08:50
CVSS Score	7.5 (HIGH)

CVSS v3 Details

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	NONE
Availability Impact	NONE

CVE Information

CVE IDs	CVE-2024-13939
CWE
Bulletin Family	unix

Description

This module provides one function, “equals”, which works like perl’s “eq”, but which does not provide a timing side-channel. Such comparison is useful when matching against a secret string.

Impact Assessment

Base Score	7.5
Severity	HIGH

View full CVE details