CVE-2016-8661 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
obdev	little_snitch	3.0
obdev	little_snitch	3.0.1
obdev	little_snitch	3.0.2
obdev	little_snitch	3.0.3
obdev	little_snitch	3.0.4
obdev	little_snitch	3.1
obdev	little_snitch	3.1.1
obdev	little_snitch	3.3
obdev	little_snitch	3.3.1
obdev	little_snitch	3.3.2
obdev	little_snitch	3.3.3
obdev	little_snitch	3.3.4
obdev	little_snitch	3.4
obdev	little_snitch	3.4.1
obdev	little_snitch	3.4.2
obdev	little_snitch	3.5
obdev	little_snitch	3.5.1
obdev	little_snitch	3.5.2
obdev	little_snitch	3.5.3
obdev	little_snitch	3.6
obdev	little_snitch	3.6.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/94352

https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one

http://www.securityfocus.com/bid/94352

https://speakerdeck.com/patrickwardle/defcon-2016-i-got-99-problems-but-little-snitch-aint-one