CVE-2016-7927 Tcpdump CVE debrief

Who should care

Administrators, security teams, and developers who use tcpdump to inspect live traffic or process untrusted packet captures, especially in environments where packet parsing is exposed to attacker-controlled input.

Technical summary

NVD lists this issue as CWE-119 (buffer overflow) in tcpdump’s IEEE 802.11 parser. The affected CPE range includes tcpdump versions up to 4.8.1, and the vulnerability description states that tcpdump before 4.9.0 is affected. The NVD CVSS vector is CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a remotely reachable flaw with high impact.

Defensive priority

Urgent

Recommended defensive actions

• Upgrade tcpdump to version 4.9.0 or later, or to the vendor-fixed package version provided by your distribution.
• Inventory systems that run tcpdump directly or embed its packet-parsing code, and prioritize any that process untrusted captures or mirrored network traffic.
• Treat packet-capture files and live traffic as untrusted input in security reviews and operational monitoring.
• Confirm remediation against the vendor advisories referenced by NVD, including Debian, Red Hat, and Gentoo notices.

Evidence notes

Source evidence comes from the public NVD CVE record published on 2017-01-28 and modified on 2026-05-13. NVD describes the flaw as a buffer overflow in print-802_11.c:ieee802_11_radio_print(), maps it to CWE-119, and assigns CVSS 3.0 9.8 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The supplied NVD record also lists tcpdump versions through 4.8.1 as vulnerable and references Debian, Red Hat, and Gentoo security advisories.

Official resources