DEBIAN-CVE-2016-6129

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

PT-2017-8916

Name of the Vulnerable Software and Affected Versions LibTomCrypt versions prior to 2.2.0 OP-TEE versions prior to 2.2.0 Description The issue arises from the rsa verify hash ex function in rsa verify hash.c, which fails to validate that the message length matches the ASN.1 encoded data length...