PatchSiren

CVE-2016-7932 Tcpdump CVE debrief

CVE-2016-7932 is a critical tcpdump flaw in the PIM parser that can trigger a buffer overflow in print-pim.c:pimv2_check_checksum(). The NVD record identifies tcpdump versions through 4.8.1 as vulnerable and assigns a CVSS 3.0 score of 9.8, reflecting the potential for severe impact from malformed network traffic processed by tcpdump.

Vendor: Tcpdump
Product: CVE-2016-7932
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Security teams, Linux and BSD administrators, incident responders, and anyone running tcpdump on systems that may inspect untrusted packet captures or live network traffic. Package maintainers and distro users should also care because the fix is typically delivered through vendor updates.

Technical summary

The issue is a memory-safety bug in tcpdump’s PIM parser, specifically in print-pim.c:pimv2_check_checksum(). NVD classifies it as CWE-119 and lists the vulnerable CPE range as tcpdump up to 4.8.1. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that malformed network input can lead to high-severity compromise of confidentiality, integrity, and availability.

Defensive priority

High. This is a pre-authentication, network-reachable parser bug in a widely used packet analysis tool, with critical severity and broad impact if exposed to attacker-controlled traffic or packet files.

Recommended defensive actions

  • Upgrade tcpdump to 4.9.0 or later, or install the vendor package update that contains the fix.
  • Confirm deployed package versions are not within the vulnerable range identified by NVD (through 4.8.1).
  • Prioritize hosts that analyze untrusted packet captures, process remote traffic, or run tcpdump in automated pipelines.
  • Use distro security advisories and package managers to verify the patched build is installed.
  • If tcpdump is embedded in tooling or scripts, rebuild or redeploy those components against a fixed tcpdump release.
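
One way to script the version check from the list above, as an added example that is not part of the original page: it classifies a tcpdump version banner against the range stated here (vulnerable through 4.8.1, fixed in 4.9.0). The function names, result labels and sample banners are constructed for illustration; a distro build numbered below 4.9.0 may carry a backported fix, so that result means "confirm against the vendor advisory".

```shell
#!/bin/sh
# Added example: function names and result labels are illustrative assumptions.

# Return the token that follows "tcpdump version" in a banner (first match only).
tcpdump_version_token() {
    printf '%s\n' "$1" |
        sed -n 's/^.*tcpdump version \([^ ]*\).*$/\1/p' | head -n 1
}

# Succeed when dotted version $1 >= $2, comparing each component numerically
# (so 4.10.0 sorts above 4.9.0, which a plain string comparison gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            p = (i <= n) ? x[i] + 0 : 0
            q = (i <= m) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0
    }'
}

# Classify a banner: unknown | unverified-build | fixed-upstream | in-nvd-range
classify_tcpdump() {
    tok=$(tcpdump_version_token "$1")
    case $tok in
        '')        echo "unknown"; return ;;           # no version found
        *[!0-9.]*) echo "unverified-build"; return ;;  # suffix such as -PRE-GIT
    esac
    if version_ge "$tok" "4.9.0"; then
        echo "fixed-upstream"
    else
        # Upstream number is at or below 4.8.1; a distro package may still
        # include a backported fix, so check the vendor advisory.
        echo "in-nvd-range"
    fi
}

# Constructed sample banners (not captured from real hosts).
for banner in "tcpdump version 4.8.1" "tcpdump version 4.9.0" \
              "tcpdump version 4.9.0-PRE-GIT"; do
    printf '%s -> %s\n' "$banner" "$(classify_tcpdump "$banner")"
done
```

On a host, pass the real banner instead of a sample: `classify_tcpdump "$(tcpdump --version 2>&1)"`.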

Evidence notes

Source corpus evidence includes the official CVE record and NVD detail page, which identify the issue as a buffer overflow in tcpdump before 4.9.0 in print-pim.c:pimv2_check_checksum(). NVD metadata also provides the CVSS 3.0 vector, CWE-119 classification, and the vulnerable CPE range through 4.8.1. The supplied references point to Debian, Red Hat, Gentoo, SecurityFocus, SecurityTracker, and a Debian mailing list thread; however, the corpus does not include the full text of those advisories, so they are treated as corroborating references only.

Official resources

Publicly disclosed in the CVE record on 2017-01-28; the NVD entry in the supplied corpus was last modified on 2026-05-13.