CVE-2016-6129
libtomcrypt - security update
CVSS 3.1: 7.5 (HIGH)
EPSS 0.18%
Description
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
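The length check described above, as an added example (not code from LibTomCrypt or OP-TEE). It assumes PKCS#1 v1.5 padding with a SHA-256 DigestInfo; check_em and demo are hypothetical names, and the 256-byte encoded message and digest are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2). */
static const unsigned char PREFIX[19] = {
    0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
    0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 };
#define HASH_LEN 32
#define DI_LEN (sizeof PREFIX + HASH_LEN)  /* 51 bytes */

/* Hypothetical helper. em = result of the RSA public operation.
 * strict == 0 models the flaw: bytes after the DigestInfo are ignored. */
int check_em(const unsigned char *em, size_t emlen,
             const unsigned char *hash, int strict)
{
    size_t i = 2;
    if (emlen < 11 + DI_LEN || em[0] != 0x00 || em[1] != 0x01) return 0;
    while (i < emlen && em[i] == 0xFF) i++;          /* PS: at least 8 x FF */
    if (i < 10 || i >= emlen || em[i] != 0x00) return 0;
    i++;                                             /* start of DER data */
    if (emlen - i < DI_LEN) return 0;
    /* The fix: encoded length must equal what is left after the padding. */
    if (strict && emlen - i != DI_LEN) return 0;
    return memcmp(em + i, PREFIX, sizeof PREFIX) == 0 &&
           memcmp(em + i + sizeof PREFIX, hash, HASH_LEN) == 0;
}

/* Constructed sample: 256-byte EM with `trailing` extra bytes after the hash. */
int demo(size_t trailing, int strict)
{
    unsigned char em[256], hash[HASH_LEN];
    size_t off = sizeof em - DI_LEN - trailing;
    memset(hash, 0x11, sizeof hash);                 /* stand-in digest */
    memset(em, 0xFF, sizeof em);
    em[0] = 0x00; em[1] = 0x01; em[off - 1] = 0x00;
    memcpy(em + off, PREFIX, sizeof PREFIX);
    memcpy(em + off + sizeof PREFIX, hash, HASH_LEN);
    memset(em + sizeof em - trailing, 0xAA, trailing);
    return check_em(em, sizeof em, hash, strict);
}

int main(void)
{
    printf("well-formed, strict: %d\n", demo(0, 1));
    printf("trailing, lax:       %d\n", demo(100, 0));
    printf("trailing, strict:    %d\n", demo(100, 1));
    return 0;
}
```

A verifier that instead rebuilds the full expected encoded message and compares it byte for byte with the decrypted value gets the same guarantee without parsing attacker-controlled DER.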
How to fix CVE-2016-6129
To remediate CVE-2016-6129, upgrade the affected package to a fixed version below.
- upgrade to 1.17-8 or later
- upgrade to 1.17-3.2+deb7u1 or later
Is CVE-2016-6129 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.17-8
- from 0, < 1.17-3.2+deb7u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |