-
-
Notifications
You must be signed in to change notification settings - Fork 231
Expand file tree
/
Copy pathCVE-2026-33306.yml
More file actions
43 lines (36 loc) · 1.58 KB
/
CVE-2026-33306.yml
File metadata and controls
43 lines (36 loc) · 1.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
---
gem: bcrypt
cve: 2026-33306
ghsa: f27w-vcwj-c954
url: https://github.com/advisories/GHSA-f27w-vcwj-c954
title: bcrypt-ruby has an Integer Overflow that Causes Zero
Key-Strengthening Iterations at Cost=31 on JRuby
date: 2026-03-19
description: |
### Impact
An integer overflow in the Java BCrypt implementation for JRuby can
cause zero iterations in the strengthening loop. Impacted
applications must be setting the cost to 31 to see this happen.
The JRuby implementation of bcrypt-ruby (`BCrypt.java`) computes
the key-strengthening round count as a signed 32-bit integer.
When `cost=31` (the maximum allowed by the gem), signed integer
overflow causes the round count to become negative, and the
strengthening loop executes **zero iterations**. This collapses
bcrypt from 2^31 rounds of exponential key-strengthening to
effectively constant-time computation — only the initial
EksBlowfish key setup and final 64x encryption phase remain.
The resulting hash looks valid (`$2a$31$...`) and verifies
correctly via `checkpw`, making the weakness invisible to the
application. This issue is triggered only when cost=31 is
used or when verifying a `$2a$31$` hash.
### Patches
This problem has been fixed in version 3.1.22
### Workarounds
Set the cost to something less than 31.
patched_versions:
- ">= 3.1.22"
related:
url:
- https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
- https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
- https://github.com/advisories/GHSA-f27w-vcwj-c954