{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
  "dc:date": "2015-03-03T15:58+09:00",
  "dcterms:issued": "2015-02-27T14:03+09:00",
  "dcterms:modified": "2015-03-03T15:58+09:00",
  "description": "jBCrypt is a Java implementation to compute password hashes. jBCrypt contains an integer overflow vulnerability in the key stretching process. An integer overflow occurs when the parameter for the repetition count is set to the maximum value allowed, 31.\r\n\r\nNorito AGETSUMA reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000033.html",
  "sec:cpe": {
    "#text": "cpe:/a:mindrot:jbcrypt",
    "@product": "jBCrypt",
    "@vendor": "mindrot.org",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2015-000033",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77718330/index.html",
      "@id": "JVN#77718330",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0886",
      "@id": "CVE-2015-0886",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0886",
      "@id": "CVE-2015-0886",
      "@source": "NVD"
    },
    {
      "#text": "https://bugzilla.mindrot.org/show_bug.cgi?id=2097",
      "@id": "OpenSSH: Bugs  ([Bug 2097] if gensalt\u0027s log_rounds parameter is set to 31 it does 0 (ZERO) rounds!)",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Vulnerability in the jBCrypt key stretching process"
}