CVE-2016-6129

Published: 13 February 2017

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
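The length check the description refers to, shown as an added illustration (not LibTomCrypt's code and not from this page): an EMSA-PKCS1-v1_5 parser that models the flawed behaviour, which reads the DigestInfo and never compares its decoded length against the bytes that remain, beside the hardened form that requires the DigestInfo to cover the whole remainder of EM. The DigestInfo prefix is the SHA-256 one from RFC 8017; the sample message and the trailing bytes are constructed.

```python
import hashlib
from typing import Optional

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_LEN = 32

def _split_em(em: bytes) -> Optional[bytes]:
    """Return T from EM = 0x00 || 0x01 || PS || 0x00 || T, or None if the header is malformed."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    # PS must be at least 8 bytes of 0xFF and be followed by the 0x00 separator.
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]

def extract_hash_lax(em: bytes) -> Optional[bytes]:
    """Models the flawed check: prefix and hash are read, bytes after them are ignored."""
    t = _split_em(em)
    if t is None or not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return None
    end = len(SHA256_DIGESTINFO_PREFIX) + SHA256_LEN
    return t[len(SHA256_DIGESTINFO_PREFIX):end] if len(t) >= end else None

def extract_hash_strict(em: bytes) -> Optional[bytes]:
    """Hardened check: the decoded DigestInfo must account for every remaining byte of EM."""
    t = _split_em(em)
    if t is None or len(t) != len(SHA256_DIGESTINFO_PREFIX) + SHA256_LEN:
        return None
    if not t.startswith(SHA256_DIGESTINFO_PREFIX):
        return None
    return t[len(SHA256_DIGESTINFO_PREFIX):]

def encode_em(digest: bytes, em_len: int, trailing: bytes = b"") -> bytes:
    """Build an em_len-byte EM; `trailing` (constructed) models bytes left after the DigestInfo."""
    t = SHA256_DIGESTINFO_PREFIX + digest + trailing
    ps_len = em_len - len(t) - 3
    assert ps_len >= 8, "EM too short for this DigestInfo"
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t

def verify(em: bytes, expected: bytes, strict: bool) -> bool:
    """Compare the recovered hash with the expected one using the chosen parser."""
    h = extract_hash_strict(em) if strict else extract_hash_lax(em)
    return h is not None and h == expected

DIGEST = hashlib.sha256(b"constructed sample message").digest()   # constructed input
GOOD_EM = encode_em(DIGEST, 256)                                  # well-formed 2048-bit EM
BAD_EM = encode_em(DIGEST, 256, trailing=b"\xaa" * 100)           # junk after the DigestInfo
```

Only the strict parser rejects BAD_EM; the lax one recovers the correct hash from it and would report the signature as valid.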

From the Ubuntu security team

It was discovered that LibTomCrypt incorrectly handled RSA signatures or public certificates. An attacker could possibly use this issue to make a Bleichenbacher signature forgery attack.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: libtomcrypt (Launchpad, Ubuntu, Debian)

Release                           Status
Upstream                          Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)  Not vulnerable (1.17-8)
Ubuntu 16.04 ESM (Xenial Xerus)   Released (1.17-7ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr)    Released (1.17-5ubuntu0.1)