|Description||The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.|
|Source||CVE (at NVD)|
Vulnerable and fixed packages
The table below lists information on source packages.
|bookworm, sid, bullseye||1.18.2-5||fixed|
The information below is based on the following data on fixed versions.
[jessie] - libtomcrypt <no-dsa> (Minor issue)
libtomcrypt ship the corresponding patch in
The CVE is originally assigned to OP-TEE, but the underlying issue seems to be in
libtomcrypt, thus keep that source package associated as well for now.