12 matches found
Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2 Vulnerability Details CVEID:CVE-2026-33168 DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps
Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2.1 Vulnerability Details CVEID:CVE-2026-33306 DESCRIPTION: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt...
CVE-2026-33306
A flaw was found in bcrypt-ruby, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, specifically in its JRuby implementation. When the cost parameter is set to 31, an integer overflow occurs, causing the key-strengthening loop to execute zero iterations. This significantly weakens...
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
UBUNTU-CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
CVE-2026-33306
bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...
bcrypt-ruby 输入验证错误漏洞
bcrypt-ruby is an open-source secure password hashing tool developed by bcrypt-ruby. Versions of bcrypt-ruby prior to 3.1.22 had a vulnerability related to input validation. This vulnerability stemmed from integer overflow in the JRuby implementation, which led to enhanced circular zero iteration...
Integer Overflow
bcrypt-ruby is vulnerable to Integer Overflow. The vulnerability is due to an integer overflow in the Java BCrypt implementation for JRuby, where the key-strengthening round count is computed as a signed 32-bit integer, and when cost=31, signed integer overflow causes the round count to become...
bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby
Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...