Vulnerability in Fractal String\
CVE-2024-13939
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equa…
EPSS: 0.003 (26.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Fractal String\ — versions \
- Fractal String::compare::constanttime — versions 0
Weakness classification (CWE)
References
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (Technical Description, related)
Frequently asked questions
- What is CVE-2024-13939?
- CVE-2024-13939 is a high-severity vulnerability in Fractal String\, classified under CWE-208. CVSS score: 7.5/10. Published 2025-03-28.
- How severe is CVE-2024-13939?
- High severity. CVSS v3 base score is 7.5 out of 10.