CVE-2016-8661

Published Nov 15, 2016

Last updated a year ago

CVSS high 8.4

Overview

Description: Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.
Source: office@obdev.at
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.4
Impact score: 5.9
Exploitability score: 2.5
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3104B3C-7FB4-45D8-8B94-38C64DB5358E"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83C15999-BD32-4576-976A-2B516A159BEC"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B790676-4683-4C37-8D6C-A7422F29D5B8"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA526073-1289-4A26-8D06-2F33318AD940"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AAF8D9-02A7-4AE4-A386-6DDC0F813163"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D210C3B-3A48-4ACF-A957-253F15962EE5"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35027020-5BFD-45EA-9371-7342B3CA9AAF"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFCCA6D8-420C-438A-806D-E3B909B12701"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8B0447E-6A54-42ED-81A9-B4B16EF2C05B"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08087DF0-3980-4F59-A759-DD5D710CB5FD"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91998865-31C0-4F6F-A4E9-14F3C4727C5F"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76108E38-65E9-4918-BB90-DCD6063E64F9"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F625187-402F-461E-A760-EB967DA79E89"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A00C225-33C2-4F4A-AAF8-131A6FC8CC52"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "918A02B3-1F03-478E-990B-EDE245F69495"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F518B2CE-C946-47EF-81BF-C3DF3A2CF9B6"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D8D953E-4FC7-4F31-8DB5-DC2C5115CC92"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A22CFD-D6A7-4EAE-A459-69453ADEB703"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "239823E3-A508-4B67-8A5F-7DCFCCBD1C24"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BACEFA0-52CD-45C7-B0A0-A9B4A1EA9B9E"
          },
          {
            "criteria": "cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0CA536C-001F-438F-8078-C6A4F51A6C15"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References