Vulnerability Details: CVE-2016-8661
Little Snitch versions 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be exploited locally, which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
Vulnerability category: Overflow
Products affected by CVE-2016-8661
- cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8661
- Probability of exploitation activity in the next 30 days: 0.08%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~32%
CVSS scores for CVE-2016-8661
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | NIST | |
CWE ids for CVE-2016-8661
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8661
- https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one
  [DefCon 2016] I got 99 Problems, but Little Snitch ain’t one! - Speaker Deck (Technical Description)
- http://www.securityfocus.com/bid/94352
  Little Snitch CVE-2016-8661 Local Buffer Overflow Vulnerability