GHSA/SYNC: 1 brand new advisory

Author: jasnow

gems/bcrypt/CVE-2026-33306.yml

@@ -0,0 +1,43 @@
+---
+gem: bcrypt
+cve: 2026-33306
+ghsa: f27w-vcwj-c954
+url: https://github.com/advisories/GHSA-f27w-vcwj-c954
+title: bcrypt-ruby has an Integer Overflow that Causes Zero
+  Key-Strengthening Iterations at Cost=31 on JRuby
+date: 2026-03-19
+description: |
+  ### Impact
+
+  An integer overflow in the Java BCrypt implementation for JRuby can
+  cause zero iterations in the strengthening loop.  Impacted
+  applications must be setting the cost to 31 to see this happen.
+
+  The JRuby implementation of bcrypt-ruby (`BCrypt.java`) computes
+  the key-strengthening round count as a signed 32-bit integer.
+  When `cost=31` (the maximum allowed by the gem), signed integer
+  overflow causes the round count to become negative, and the
+  strengthening loop executes **zero iterations**. This collapses
+  bcrypt from 2^31 rounds of exponential key-strengthening to
+  effectively constant-time computation — only the initial
+  EksBlowfish key setup and final 64x encryption phase remain.
+
+  The resulting hash looks valid (`$2a$31$...`) and verifies
+  correctly via `checkpw`, making the weakness invisible to the
+  application. This issue is triggered only when cost=31 is
+  used or when verifying a `$2a$31$` hash.
+
+  ### Patches
+
+  This problem has been fixed in version 3.1.22
+
+  ### Workarounds
+
+  Set the cost to something less than 31.
+patched_versions:
+  - ">= 3.1.22"
+related:
+  url:
+    - https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
+    - https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
+    - https://github.com/advisories/GHSA-f27w-vcwj-c954