CVE-2016-6129
HIGHOP-TEE OS < 2.1.0 - RSA Signature Forgery via ASN.1 Length Mismatch
Title source: manualDescription
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
Vendor Advisory x_refsource_confirm
https://www.op-tee.org/advisories/
Scores
CVSS v3
7.5
EPSS
0.0077
EPSS Percentile
51.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (3)
libtom/libtomcrypt
< 1.17
op-tee/op-tee_os
< 2.1.0
trustedfirmware/op-tee
< 2.2.0
Published
Feb 13, 2017
Tracked Since
Feb 18, 2026