Vulnerability Details CVE-2016-8661
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.1%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 7.2
References
Products affected by CVE-2016-8661
-
cpe:2.3:a:obdev:little_snitch:3.0
-
cpe:2.3:a:obdev:little_snitch:3.0.1
-
cpe:2.3:a:obdev:little_snitch:3.0.2
-
cpe:2.3:a:obdev:little_snitch:3.0.3
-
cpe:2.3:a:obdev:little_snitch:3.0.4
-
cpe:2.3:a:obdev:little_snitch:3.1
-
cpe:2.3:a:obdev:little_snitch:3.1.1
-
cpe:2.3:a:obdev:little_snitch:3.3
-
cpe:2.3:a:obdev:little_snitch:3.3.1
-
cpe:2.3:a:obdev:little_snitch:3.3.2
-
cpe:2.3:a:obdev:little_snitch:3.3.3
-
cpe:2.3:a:obdev:little_snitch:3.3.4
-
cpe:2.3:a:obdev:little_snitch:3.4
-
cpe:2.3:a:obdev:little_snitch:3.4.1
-
cpe:2.3:a:obdev:little_snitch:3.4.2
-
cpe:2.3:a:obdev:little_snitch:3.5
-
cpe:2.3:a:obdev:little_snitch:3.5.1
-
cpe:2.3:a:obdev:little_snitch:3.5.2
-
cpe:2.3:a:obdev:little_snitch:3.5.3
-
cpe:2.3:a:obdev:little_snitch:3.6
-
cpe:2.3:a:obdev:little_snitch:3.6.1