164 matches found
OP-TEE has an unspecified vulnerability
OP-TEE is an open source trusted execution environment. A security vulnerability exists in the LibTomCrypt code in OP-TEE 2.4.0 and earlier versions. The vulnerability can be exploited by an attacker to recover private keys...
Code injection
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
CVE-2017-1000412
OP-TEE (Linaro) versions 2.4.0 and older are vulnerable to a bellcore attack in the LibTomCrypt code, resulting in a compromised private RSA key. Root cause:LibTomCrypt usage within OP-TEE; affected component is the TEE implementation. Impact: potential exposure of private RSA keys. Exploitation ...
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key...
Amazon Linux AMI : libtommath / libtomcrypt (ALAS-2017-864)
possible OP-TEE Bleichenbacher attack : The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public...
Medium: libtommath, libtomcrypt
Issue Overview: possible OP-TEE Bleichenbacher attack: The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA...
CVE-2016-10335
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated...
Code injection
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated...
CVE-2016-10335
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated...
CVE-2016-10335
CVE-2016-10335 involves Android CAF builds; connected documents indicate that the Linux kernel usage within CAF Android releases involves an update to libtomcrypt. The available sources do not provide explicit vulnerability details, affected vendor/product version ranges, root cause analysis, exp...
CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
CVE-2016-10335
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated...
Linaro OP-TEE Security Bypass Vulnerability
Linaro OP-TEE is an open source portable trusted execution environment.LibTomCrypt is a portable cryptographic toolkit for developers. A security vulnerability exists in the 'rsaverifyhashex' function of the rsaverifyhash.c file of LibTomCrypt used by Linaro OP-TEE. A remote attacker could exploi...
CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
Server side request forgery (ssrf)
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
UBUNTU-CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
DEBIAN-CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...