CVE-2016-6129

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6129

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6129.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6129

Related

Published

2017-02-13T18:59:00Z

Modified

2025-01-08T10:02:12.930947Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The rsaverifyhashex function in rsaverify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

References

Affected packages

Debian:11 / libtomcrypt

Package

Name: libtomcrypt
Purl: pkg:deb/debian/libtomcrypt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libtomcrypt

Package

Name: libtomcrypt
Purl: pkg:deb/debian/libtomcrypt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libtomcrypt

Package

Name: libtomcrypt
Purl: pkg:deb/debian/libtomcrypt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libtom/libtomcrypt

Affected ranges

Type: GIT
Repo: https://github.com/libtom/libtomcrypt
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5eb9743410ce4657e9d54fef26a2ee31a1b5dd0

Fixed

5eb9743410ce4657e9d54fef26a2ee31a1b5dd0

Affected versions

0.*

0.75

0.76

0.77

0.78

0.79

0.80

0.81

0.82

0.83

0.84

0.85

0.86

0.87

0.88

0.89

0.90

0.91

0.92

0.93

0.94

0.95

0.96

0.97

0.97a

0.97b

0.98

0.99

1.*

1.00

1.01

1.02

1.03

1.04

1.05

1.06

1.07

1.08

1.09

1.10

1.11

1.12

1.13

1.14

1.15

1.16

1.17