CVE-2016-6129EPSS p50.9%

CVE-2016-6129CVE-2016-6129

trustedfirmware / op-tee

Description

The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS0.78% probability of exploitation · percentile 50.9% · 2026-06-19T12:03:05Z
Last modified2026-06-05

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-42768
CVE
CVE-2026-33662
CVE
CVE-2026-5194
CVE
CVE-2026-45614
CVE
CVE-2026-34875
CVE
CVE-2026-41677
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.