CVE-2017-5203 Redhat CVE debrief

Who should care

Security teams, package maintainers, and administrators that run tcpdump or ship it inside larger platforms should treat this as urgent, especially where vulnerable package versions may still be present in Linux distributions or appliance images.

Technical summary

According to NVD, the flaw is a buffer overflow in tcpdump’s BOOTP parsing path. The vulnerable condition is associated with tcpdump versions before 4.9.0, and NVD assigns the CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The weakness is classified as CWE-119.

Defensive priority

Urgent. A remotely reachable, no-privileges, no-user-interaction parsing flaw with full confidentiality, integrity, and availability impact merits immediate patch verification and version inventory checks.

Recommended defensive actions

• Upgrade tcpdump to version 4.9.0 or later, or apply the vendor package update that backports the fix.
• Verify installed tcpdump versions across servers, workstations, and any images or appliances that include packet-capture tooling.
• Check downstream distribution advisories for package-specific remediation guidance, including Debian, Red Hat, and Gentoo references linked in the record.
• Avoid using vulnerable tcpdump builds to process untrusted packet captures until patched.

Evidence notes

The supplied NVD record states: "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print()." NVD also lists CVSS v3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and CWE-119. The reference set includes Debian, Red Hat, and Gentoo advisories, which supports downstream package impact. The CVE was published on 2017-01-28 and the NVD record was last modified on 2026-05-13; that modified date reflects record maintenance, not the original issue date.

Official resources