High severity7.5NVD Advisory· Published Feb 13, 2017· Updated May 13, 2026

CVE-2016-6129

Description

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

Affected products

Libtom/Libtomcrypt
cpe:2.3:a:libtom:libtomcrypt:*:*:*:*:*:*:*:*
Range: <=1.17
Op Tee/Optee Os
cpe:2.3:o:op-tee:op-tee_os:*:*:*:*:*:*:*:*
Range: <=2.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0nvdIssue TrackingPatchThird Party Advisory
www.op-tee.org/advisories/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000