ubuntu · CVE-2016-6129

Quick triage

Priority: medium Published: 2017-02-13 18:59:00 UTC Updated: 2025-08-25 22:07:23 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-6129 medium priority: Ubuntu including 1 source packages (libtomcrypt), 8 status rows across 8 suites (artful, bionic, precise, trusty, upstream, xenial, yakkety, zesty): ignored 3, released 3, needs-triage 1, not-affected 1.

Description:

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

cvelogic Threat Intelligence