Lucene search
K

293 matches found

RedhatCVE
RedhatCVE
added 2026/03/24 11:23 a.m.3 views

CVE-2026-33306

A flaw was found in bcrypt-ruby, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, specifically in its JRuby implementation. When the cost parameter is set to 31, an integer overflow occurs, causing the key-strengthening loop to execute zero iterations. This significantly weakens...

7.4CVSS5.9AI score0.00228EPSS
Exploits0References6
NVD
NVD
added 2026/03/24 1:17 a.m.5 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS0.00228EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/24 1:17 a.m.5 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 1:17 a.m.6 views

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 12:8 a.m.4 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/24 12:8 a.m.27 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS0.00228EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/24 12:8 a.m.10 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS5.3AI score0.00228EPSS
Exploits0
CVE
CVE
added 2026/03/24 12:8 a.m.19 views

CVE-2026-33306

CVE-2026-33306 affects bcrypt-ruby (JRuby Java BCrypt implementation) where a signed 32-bit integer overflow at cost=31 causes the key-strengthening loop to run zero iterations, collapsing bcrypt from 2^31 rounds to effectively constant time. This leads to weaker hashes that may be exploitable. T...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 12:8 a.m.1 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 12:8 a.m.7 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

bcrypt-ruby 输入验证错误漏洞

bcrypt-ruby is an open-source secure password hashing tool developed by bcrypt-ruby. Versions of bcrypt-ruby prior to 3.1.22 had a vulnerability related to input validation. This vulnerability stemmed from integer overflow in the JRuby implementation, which led to enhanced circular zero iteration...

7.5CVSS5.9AI score0.00228EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation...

7.5CVSS5.9AI score0.00228EPSS
Exploits0References3
Veracode
Veracode
added 2026/03/21 5:28 a.m.8 views

Integer Overflow

bcrypt-ruby is vulnerable to Integer Overflow. The vulnerability is due to an integer overflow in the Java BCrypt implementation for JRuby, where the key-strengthening round count is computed as a signed 32-bit integer, and when cost=31, signed integer overflow causes the round count to become...

7.5CVSS5.9AI score0.00228EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/03/20 3:43 p.m.7 views

GHSA-G3HG-J4JV-CWFR Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...

6.3CVSS5.9AI score0.00385EPSS
Exploits0References6
NVD
NVD
added 2026/03/20 11:18 a.m.4 views

CVE-2026-32595

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

6.3CVSS0.00385EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:8 a.m.10 views

CVE-2026-32595

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

6.3CVSS5.8AI score0.00385EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/20 10:8 a.m.24 views

CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

6.3CVSS0.00385EPSS
Exploits0References4
OSV
OSV
added 2026/03/20 10:8 a.m.6 views

CVE-2026-32595 Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

6.3CVSS5.9AI score0.00385EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/19 5:54 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the BCrypt.java implementation when the cost parameter is set to 31. An attacker can significantly reduce the computational effort required to brute-force password hashes by supplying or verifying hashe...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/19 5:54 p.m.13 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder