187 matches found
PT-2019-11547
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE OP-TEE versions 3.3.0 and earlier Description: The issue affects the optee os component and is related to a buffer overflow, which can lead to memory corruption and disclosure of memory content. Recommendations: For versions 3.3...
PT-2019-11545
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue affects the optee os component and can lead to memory corruption of the TEE itself due to boundary crossing. Recommendations: For versions prior to 3.4.0, update to version 3.4.0 or...
PT-2019-11548
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE OP-TEE versions prior to 3.4.0 Description: The issue is related to a buffer overflow in the optee os component, which can lead to code execution in the context of the TEE core kernel. Recommendations: For versions prior to 3.4....
PT-2019-11546
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue is related to a rounding error in the optee os component, potentially leading to the leakage of code and/or data from previous Trusted Applications. Recommendations: For versions...
PT-2019-11550
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue is related to a buffer overflow in the optee os component, which can lead to code execution in the context of the TEE core kernel. Recommendations: For versions prior to 3.4.0, upda...
DEBIAN-CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
UBUNTU-CVE-2016-6129
The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...