HIGH
Libtom
CVE published 2017-02-13
CVE-2016-6129
CVE-2016-6129 is a high-severity RSA signature verification flaw in LibTomCrypt’s rsa_verify_hash_ex function, used by OP-TEE before 2.2.0. The issue stems from missing validation that the message length matches the ASN.1 encoded data length, which can make RSA signature or certificate forgery easier for a remote attacker. NVD classifies the weakness as CWE-20 and rates it CVSS 3.0 7.5 (AV:N/AC:L/PR:N/UI: [truncated]