{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2016-6129","title":"Title"},{"category":"description","text":"The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2016-6129","url":"https://www.suse.com/security/cve/CVE-2016-6129"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 997543 for CVE-2016-6129","url":"https://bugzilla.suse.com/997543"}],"title":"SUSE CVE CVE-2016-6129","tracking":{"current_release_date":"2025-02-18T15:40:29Z","generator":{"date":"2023-02-15T04:59:58Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2016-6129","initial_release_date":"2023-02-15T04:59:58Z","revision_history":[{"date":"2023-02-15T04:59:58Z","number":"2","summary":"Current version"},{"date":"2025-01-01T09:45:25Z","number":"3","summary":"Current version"},{"date":"2025-02-18T15:40:29Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}