Summaryinfo

A vulnerability has been found in bcrypt-ruby up to 3.1.21 on JRuby and classified as problematic. The impacted element is an unknown function of the file BCrypt.java. This manipulation causes integer overflow. The identification of this vulnerability is CVE-2026-33306. The attack can only be executed locally. There is no exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability has been found in bcrypt-ruby up to 3.1.21 on JRuby and classified as problematic. Affected by this vulnerability is an unknown part of the file BCrypt.java. The manipulation with an unknown input leads to a integer overflow vulnerability. The CWE definition for the vulnerability is CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby (`BCrypt.java`) computes the key-strengthening round count as a signed 32-bit integer. When `cost=31` (the maximum allowed by the gem), signed integer overflow causes the round count to become negative, and the strengthening loop executes **zero iterations**. This collapses bcrypt from 2^31 rounds of exponential key-strengthening to effectively constant-time computation — only the initial EksBlowfish key setup and final 64x encryption phase remain. The resulting hash looks valid (`$2a$31$...`) and verifies correctly via `checkpw`, making the weakness invisible to the application. This issue is triggered only when cost=31 is used or when verifying a `$2a$31$` hash. This problem has been fixed in version 3.1.22. As a workaround, set the cost to something less than 31.

It is possible to read the advisory at github.com. This vulnerability is known as CVE-2026-33306 since 03/18/2026. The exploitation appears to be difficult. Attacking locally is a requirement. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability scanner Nessus provides a plugin with the ID 303306 (Linux Distros Unpatched Vulnerability : CVE-2026-33306), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 3.1.22 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 831ce64cb0a9502130fa93a28bfd9527a5fa45c4 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at Tenable (303306). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Programming Language Software

Name

• bcrypt-ruby

Version

• 3.1.0
• 3.1.1
• 3.1.2
• 3.1.3
• 3.1.4
• 3.1.5
• 3.1.6
• 3.1.7
• 3.1.8
• 3.1.9
• 3.1.10
• 3.1.11
• 3.1.12
• 3.1.13
• 3.1.14
• 3.1.15
• 3.1.16
• 3.1.17
• 3.1.18
• 3.1.19
• 3.1.20
• 3.1.21

License

• open-source

Website

• Product: https://github.com/bcrypt-ruby/bcrypt-ruby/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion