CVE-2016-6129

EUVD-2016-7063
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
EPSS Score
Percentile: 34%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| op-tee | op-tee_os | 𝑥 ≤ 2.1.0 |
| libtom | libtomcrypt | 𝑥 ≤ 1.17 |

𝑥 = Vulnerable software versions
Debian Releases
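| Debian Product | Codename | Version | Status |
|---|---|---|---|
| libtomcrypt | bookworm | 1.18.2-6 | fixed |
| libtomcrypt | bullseye | 1.18.2-5 | fixed |
| libtomcrypt | jessie | | no-dsa |
| libtomcrypt | sid | 1.18.2+dfsg-7 | fixed |
| libtomcrypt | trixie | 1.18.2+dfsg-7 | fixed |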
Ubuntu Releases
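| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| libtomcrypt | artful | | ignored |
| libtomcrypt | bionic | | not-affected |
| libtomcrypt | precise | Fixed 1.17-3.2+deb7u1ubuntu0.1 | released |
| libtomcrypt | trusty | Fixed 1.17-5ubuntu0.1 | released |
| libtomcrypt | xenial | Fixed 1.17-7ubuntu0.1 | released |
| libtomcrypt | yakkety | | ignored |
| libtomcrypt | zesty | | ignored |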