Vulnerability Monitor

CVE-2016-8661


Little Snitch versions 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be exploited locally and could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.


Published

2016-11-15T15:59:00.180

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.4 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-119

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | obdev | little_snitch | 3.0 | Yes |
| Application | obdev | little_snitch | 3.0.1 | Yes |
| Application | obdev | little_snitch | 3.0.2 | Yes |
| Application | obdev | little_snitch | 3.0.3 | Yes |
| Application | obdev | little_snitch | 3.0.4 | Yes |
| Application | obdev | little_snitch | 3.1 | Yes |
| Application | obdev | little_snitch | 3.1.1 | Yes |
| Application | obdev | little_snitch | 3.3 | Yes |
| Application | obdev | little_snitch | 3.3.1 | Yes |
| Application | obdev | little_snitch | 3.3.2 | Yes |
| Application | obdev | little_snitch | 3.3.3 | Yes |
| Application | obdev | little_snitch | 3.3.4 | Yes |
| Application | obdev | little_snitch | 3.4 | Yes |
| Application | obdev | little_snitch | 3.4.1 | Yes |
| Application | obdev | little_snitch | 3.4.2 | Yes |
| Application | obdev | little_snitch | 3.5 | Yes |
| Application | obdev | little_snitch | 3.5.1 | Yes |
| Application | obdev | little_snitch | 3.5.2 | Yes |
| Application | obdev | little_snitch | 3.5.3 | Yes |
| Application | obdev | little_snitch | 3.6 | Yes |
| Application | obdev | little_snitch | 3.6.1 | Yes |
