VYPR
← All advisories
High severity8.4NVD Advisory· Published Nov 15, 2016· Updated May 6, 2026

CVE-2016-8661

CVE-2016-8661

Description

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.

Affected products

21
  • Obdev/Little Snitch21 versions
    cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:obdev:little_snitch:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:obdev:little_snitch:3.6.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.