Is CVE-2016-6129 actively exploited?

CVE-2016-6129 has no public evidence of in-the-wild exploitation as of 2025-04-20.

What is the CVSS score for CVE-2016-6129?

CVE-2016-6129 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2016-6129?

Patch guidance is available from op-tee security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2016-6129.

Which products are affected by CVE-2016-6129?

2 products: op-tee op-tee os, libtom libtomcrypt.

Fix CVE-2016-6129 - HIGH op-tee op-tee os

Description

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-20 · Improper Input Validation

Metadata

Primary Vendor: OP-TEE
Published: 2/13/2017
Last Modified: 4/20/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

op-tee : op-tee_oslibtom : libtomcrypt

Remediation Guidance

Executive Summary

Cite this page

CVE-2016-6129. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2016-6129

View on NIST NVD

CVE-2016-6129 vulnerability