Moderate severityNVD Advisory· Published Feb 28, 2015· Updated May 6, 2026

CVE-2015-0886

Description

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.mindrot:jbcryptMaven	< 0.4	0.4

Affected products

Mindrot/Jbcrypt
cpe:2.3:a:mindrot:jbcrypt:*:*:*:*:*:*:*:*
Range: <0.4
Fedoraproject/Fedora3 versions
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN77718330/index.htmlnvdThird Party AdvisoryVendor AdvisoryWEB
jvndb.jvn.jp/jvndb/JVNDB-2015-000033nvdThird Party AdvisoryVDB EntryVendor AdvisoryWEB
lists.fedoraproject.org/pipermail/package-announce/2015-March/151496.htmlnvdThird Party AdvisoryWEB
lists.fedoraproject.org/pipermail/package-announce/2015-March/151786.htmlnvdThird Party AdvisoryWEB
lists.fedoraproject.org/pipermail/package-announce/2015-March/151797.htmlnvdThird Party AdvisoryWEB
www.mindrot.org/projects/jBCrypt/news/rel04.htmlnvdRelease NotesVendor AdvisoryWEB
bugzilla.mindrot.org/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
github.com/advisories/GHSA-9h6p-92jq-888xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-0886ghsaADVISORY
lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa@%3Ccommits.cassandra.apache.org%3EghsaWEB
lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548@%3Ccommits.cassandra.apache.org%3EghsaWEB
lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942@%3Ccommits.cassandra.apache.org%3EghsaWEB
lists.apache.org/thread.html/rbd23e3ac8113b4da0a025c0e45170b6ec317383a1cf06090c2c717aa%40%3Ccommits.cassandra.apache.org%3Envd
lists.apache.org/thread.html/rd5c2256b8dc9935e4bb5e9be90adce58408054bb42523730a40c5548%40%3Ccommits.cassandra.apache.org%3Envd
lists.apache.org/thread.html/re330cfe9e5d84e3f7da8ace23ec32f38cb3fbd328bf177badd7ad942%40%3Ccommits.cassandra.apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000