| Name | CVE-2016-6129 |
| Description | The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-612-1 |
| Debian Bugs | 837042 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| libtomcrypt (PTS) | buster | 1.18.2-1 | fixed |
| bullseye | 1.18.2-5 | fixed |
| bookworm | 1.18.2-6 | fixed |
| sid, trixie | 1.18.2+dfsg-7 | fixed |
The information below is based on the following data on fixed versions.
Notes
[jessie] - libtomcrypt <no-dsa> (Minor issue)
https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
libtomcrypt ship the corresponding patch in
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
libtomcrypt, thus keep that source package as well for now associated.