CVE-2016-8661

Summary

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.

Affected Software

VendorProductVersion RangeStatus
n/aLittle Snitch version 3.0 through 3.6.1Little Snitch version 3.0 through 3.6.1affected

Weaknesses

  • escalation of privileges

ADP Enrichment

CVE Program Container

Additional References

References