CVE-2016-8661

HIGH Year: 2016
CVSS v3 Score
8.4
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-119
View all →

Vulnerability Description

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.

Related Vulnerabilities

CVE-2011-1282

HIGH
CVSS:8.4(High)

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and ...

CWE-1192011

CVE-2013-2597

HIGH
CVSS:8.4(High)

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions f...

CWE-1192013

CVE-2016-0135

HIGH
CVSS:8.4(High)

The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

CWE-1192016

CVE-2016-0840

HIGH
CVSS:8.4(High)

Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (me...

CWE-1192016

CVE-2016-0842

HIGH
CVSS:8.4(High)

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a deni...

CWE-1192016