high
7.5
CWE
20
Advisory Published
CVE Published
Updated

CVE-2016-6129: Input Validation

First published: Sun Aug 28 2016(Updated: )

It has been reported that libtomcrypt may be vulnerable to a Bleichenbacher attack due to a vulnerability in rsa_verify_hash.c CERT has provided the details from Intel Security Advanced Threat Research team. ---------------------------------------------------------------------- Bleichenbacher signature forgery attack in OP-TEE Background The implementation for RSA signature verification of PKCS 1 v1.5 in the Open Portable Trusted Execution Environment (<a href="https://github.com/OP-TEE/optee_os">https://github.com/OP-TEE/optee_os</a>) appears to be vulnerable to a Bleichenbacher signature forgery attack. The vulnerability may result in RSA signature or public certificate forgery when a low public exponent (for example, e = 3) is used. Vulnerability The function rsa_verify_hash_ex (<a href="https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c">https://github.com/OPTEE/optee_os/blob/master/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c</a>) does not check the number of remaining bytes in the decrypted message after ASN.1 encoded data. The function decodes the ASN.1 message and checks that it has the correct structure and values (OID and hash). This permits additional data after the ASN.1 message that can be used to forge a PKCS1 v1.5 signature for keys with a low public exponent. The original variant of the attack is described here: <a href="https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html">https://www.ietf.org/mail-archive/web/openpgp/current/msg00999.html</a> ----------------------------------------------------------------------

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
OP-TEE<=2.1.0
Libmcrypt<=1.17

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1370955

Remedy

https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2016-6129?

    CVE-2016-6129 is classified as a medium severity vulnerability due to its potential exploitation via a Bleichenbacher attack.

  • What software is affected by CVE-2016-6129?

    CVE-2016-6129 affects libtomcrypt versions up to 1.17 and OP-TEE OS versions up to 2.1.0.

  • How do I fix CVE-2016-6129?

    To fix CVE-2016-6129, update libtomcrypt to a later version beyond 1.17 and OP-TEE OS to a later version than 2.1.0.

  • What is the nature of the vulnerability in CVE-2016-6129?

    CVE-2016-6129 involves a flaw in rsa_verify_hash.c that may allow for a Bleichenbacher attack, compromising RSA signature verification.

  • Is there a workaround for CVE-2016-6129 if I cannot update?

    There are no known effective workarounds for CVE-2016-6129, so it is recommended to apply the necessary updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203