PT-2016-7544 · Objective Development · Little Snitch
Patrick Wardle · Published 2016-11-15 · Updated 2020-11-09 · CVE-2016-8661
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Little Snitch versions 3.0 through 3.6.1
Description
The issue is a buffer overflow that can be exploited locally, potentially leading to privilege escalation and unauthorized access to the operating system. The overflow is due to insufficient checking of parameters to the OSMalloc and copyin kernel API calls.
Recommendations
For Little Snitch versions 3.0 through 3.6.1, consider restricting access to the OSMalloc and copyin kernel API calls as a temporary mitigation measure until a patch is available.
Fix
Buffer Overflow
Weakness Enumeration
Related identifiers
Affected products
Little Snitch