CVE-2016-6129
Summary
| CVE | CVE-2016-6129 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-02-13 18:59:00 UTC |
| Updated | 2017-03-13 15:24:00 UTC |
| Description | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libtom | Libtomcrypt | All | All | All | All |
| Operating System | Op-tee | Op-tee Os | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404 page not found! - OP-TEE | CONFIRM | www.op-tee.org | Vendor Advisory |
| rsa_verify_hash: fix possible bleichenbacher signature attack · libtom/libtomcrypt@5eb9743 · GitHub | CONFIRM | github.com | Issue Tracking, Patch, Third Party Advisory |
| 1370955 – (CVE-2016-6129) CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.