CVE-2016-6129
Published 2017-02-13
Priority: P3 · 35 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.78% (51.1th percentile)
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atrodo | net | < 0.14 | 0.14 |
| atrodo | net_dropbear | < 0.14 | 0.14 |
| debian | libtomcrypt | < libtomcrypt 1.17-8 (bookworm) | libtomcrypt 1.17-8 (bookworm) |
| libtom | libtomcrypt | <= 1.17 | — |
| libtomcrypt | libtomcrypt | >= 0 < 1.17-8 | 1.17-8 |
| libtomcrypt | libtomcrypt | >= 0 < 1.17-8 | 1.17-8 |
| libtomcrypt | libtomcrypt | >= 0 < 1.17-8 | 1.17-8 |
| libtomcrypt | libtomcrypt | >= 0 < 1.17-8 | 1.17-8 |
| trustedfirmware | op-tee | < 2.2.0 | 2.2.0 |
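CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |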
GHSA
GHSA-fwph-xhj4-v8r5: Net::Dropbear versions before 0
ghsa_unreviewed·2026-04-21·CVSS 7.5
CVE-2025-15638 [HIGH] GHSA-fwph-xhj4-v8r5: Net::Dropbear versions before 0
Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt.
Net::Dropbear versions before 0.14 include versions of Dropbear 2019.78 or earlier. These include versions of libtomcrypt v1.18.1 or earlier, which are affected by CVE-2016-6129 and CVE-2018-12437.
OSV
CVE-2016-6129: The rsa_verify_hash_ex function in rsa_verify_hash
osv·2017-02-13·CVSS 7.5
Red Hat
libtomcrypt: possible OP-TEE Bleichenbacher attack
vendor_redhat·2016-08-26·CVSS 7.5
Package: libtomcrypt (Red Hat Enterprise Linux 7) - Not affected
Package: libtomcrypt (Red Hat Virtualization 4) - Not affected
Debian
CVE-2016-6129: libtomcrypt - The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in ...
vendor_debian·2016·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1.17-8)
bullseye: resolved (fixed in 1.17-8)
forky: resolved (fixed in 1.17-8)
sid: resolved (fixed in 1.17-8)
trixie: resolved (fixed in 1.17-8)
Suricata
ET EXPLOIT Dameware DMRC Buffer Overflow Attempt (CVE-2016-2345)
suricata·2016-04-06·CVSS 9.8
Rule: alert tcp any any -> any 6129 (msg:"ET EXPLOIT Dameware DMRC Buffer Overflow Attempt (CVE-2016-2345)"; flow:established,to_server; content:"|44 9c 00 00|"; depth:4; content:"|90 90 90 90 90 90 90 90|"; distance:0; content:"|eb 06 ff ff 61 11 40 00 90 90 90 e9 6b fa ff ff|"; distance:0; reference:cve,2016-2345; reference:url,www.securifera.com/blog/2016/04/03/fun-with-remote-controllers-dameware-mini-remote-control-cve-2016-2345; classtype:attempted-admin; sid:2022712; rev:1; metadata:created_at 2016_04_06, cve CVE_2016_2345, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
No public exploits indexed.
Bugzilla
CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack
bugzilla·2016-08-28·CVSS 7.5
It has been reported that libtomcrypt may be vulnerable to a Bleichenbacher attack due to a vulnerability in rsa_verify_hash.c.
CERT has provided the details from Intel Security Advanced Threat Research team.
Bleichenbacher signature forgery attack in OP-TEE
Background
The implementation for RSA signature verification of PKCS 1 v1.5 in the Open Portable Trusted Execution Environment (https://github.com/OP-TEE/optee_os) appears to be vulnerable to a Bleichenbacher signature forgery attack. The vulnerability may result in RSA signature or public certificate forgery when a low public exponent (for example, e = 3) is used.
Vulnerability
The function rsa_verify_hash_ex (https://github.com/OPTEE/optee_os/blob/master/core/li
Bugzilla
CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack [epel-all]
bugzilla·2016-08-28·CVSS 7.5
Bugzilla
CVE-2016-6129 libtomcrypt: possible OP-TEE Bleichenbacher attack [fedora-all]
bugzilla·2016-08-28·CVSS 7.5
References
https://bugzilla.redhat.com/show_bug.cgi?id=1370955
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0
https://www.op-tee.org/advisories/