CVE-2016-8661
Last modified
CVE-2016-8661 is a vulnerability of currently unknown severity. Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.. EPSS estimates a 0.42% chance of exploitation in the next 30 days.
Description
Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Obdev | Little Snitch | 3.0 |
| Obdev | Little Snitch | 3.0.1 |
| Obdev | Little Snitch | 3.0.2 |
| Obdev | Little Snitch | 3.0.3 |
| Obdev | Little Snitch | 3.0.4 |
| Obdev | Little Snitch | 3.1 |
| Obdev | Little Snitch | 3.1.1 |
| Obdev | Little Snitch | 3.3 |
| Obdev | Little Snitch | 3.3.1 |
| Obdev | Little Snitch | 3.3.2 |
| Obdev | Little Snitch | 3.3.3 |
| Obdev | Little Snitch | 3.3.4 |
| Obdev | Little Snitch | 3.4 |
| Obdev | Little Snitch | 3.4.1 |
| Obdev | Little Snitch | 3.4.2 |
| Obdev | Little Snitch | 3.5 |
| Obdev | Little Snitch | 3.5.1 |
| Obdev | Little Snitch | 3.5.2 |
| Obdev | Little Snitch | 3.5.3 |
| Obdev | Little Snitch | 3.6 |
| Obdev | Little Snitch | 3.6.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-8661?
How severe is CVE-2016-8661?
How do I fix CVE-2016-8661?
Are you affected by CVE-2016-8661?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST