|
| 1 | +--- |
| 2 | +layout: advisory |
| 3 | +title: 'CVE-2026-33306 (bcrypt): bcrypt-ruby has an Integer Overflow that Causes Zero |
| 4 | + Key-Strengthening Iterations at Cost=31 on JRuby' |
| 5 | +comments: false |
| 6 | +categories: |
| 7 | +- bcrypt |
| 8 | +advisory: |
| 9 | + gem: bcrypt |
| 10 | + cve: 2026-33306 |
| 11 | + ghsa: f27w-vcwj-c954 |
| 12 | + url: https://github.com/advisories/GHSA-f27w-vcwj-c954 |
| 13 | + title: bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations |
| 14 | + at Cost=31 on JRuby |
| 15 | + date: 2026-03-19 |
| 16 | + description: | |
| 17 | + ### Impact |
| 18 | +
|
| 19 | + An integer overflow in the Java BCrypt implementation for JRuby can |
| 20 | + cause zero iterations in the strengthening loop. Impacted |
| 21 | + applications must be setting the cost to 31 to see this happen. |
| 22 | +
|
| 23 | + The JRuby implementation of bcrypt-ruby (`BCrypt.java`) computes |
| 24 | + the key-strengthening round count as a signed 32-bit integer. |
| 25 | + When `cost=31` (the maximum allowed by the gem), signed integer |
| 26 | + overflow causes the round count to become negative, and the |
| 27 | + strengthening loop executes **zero iterations**. This collapses |
| 28 | + bcrypt from 2^31 rounds of exponential key-strengthening to |
| 29 | + effectively constant-time computation — only the initial |
| 30 | + EksBlowfish key setup and final 64x encryption phase remain. |
| 31 | +
|
| 32 | + The resulting hash looks valid (`$2a$31$...`) and verifies |
| 33 | + correctly via `checkpw`, making the weakness invisible to the |
| 34 | + application. This issue is triggered only when cost=31 is |
| 35 | + used or when verifying a `$2a$31$` hash. |
| 36 | +
|
| 37 | + ### Patches |
| 38 | +
|
| 39 | + This problem has been fixed in version 3.1.22 |
| 40 | +
|
| 41 | + ### Workarounds |
| 42 | +
|
| 43 | + Set the cost to something less than 31. |
| 44 | + patched_versions: |
| 45 | + - ">= 3.1.22" |
| 46 | + related: |
| 47 | + url: |
| 48 | + - https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954 |
| 49 | + - https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4 |
| 50 | + - https://github.com/advisories/GHSA-f27w-vcwj-c954 |
| 51 | +--- |
0 commit comments