CVE-2016-6129

HIGH

OP-TEE OS < 2.1.0 - RSA Signature Forgery via ASN.1 Length Mismatch

Title source: manual
STIX 2.1

Description

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

References (3)

Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
Issue Tracking, Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
Vendor Advisory x_refsource_confirm
https://www.op-tee.org/advisories/

Scores

CVSS v3 7.5
EPSS 0.0077
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (3)
libtom/libtomcrypt < 1.17
op-tee/op-tee_os < 2.1.0
trustedfirmware/op-tee < 2.2.0
Published Feb 13, 2017
Tracked Since Feb 18, 2026