PatchSiren

CVE-2016-7933 Tcpdump CVE debrief

CVE-2016-7933 is a critical buffer overflow in tcpdump's PPP parser, specifically in print-ppp.c:ppp_hdlc_if_print(). The issue was published on 2017-01-28 and is rated CVSS 3.0 9.8. NVD lists tcpdump versions up to 4.8.1 as vulnerable, while the CVE description says tcpdump before 4.9.0 is affected.

Vendor: Tcpdump
Product: CVE-2016-7933
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Organizations that use tcpdump for packet capture review, network troubleshooting, security analysis, or other processing of untrusted traffic or capture files should prioritize this issue. Systems still running tcpdump releases before the fixed version need attention.

Technical summary

The vulnerability is a buffer overflow in the PPP parsing path of tcpdump, in ppp_hdlc_if_print(). NVD assigns CWE-119 and a CVSS vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which describes a network-reachable memory-safety flaw in parser handling that requires no privileges or user interaction and has high impact on confidentiality, integrity, and availability. The source corpus shows affected versions through 4.8.1 in NVD's CPE criteria, while the CVE description states tcpdump before 4.9.0 is impacted.

Defensive priority

High. Treat as urgent remediation for any environment still using affected tcpdump versions, especially where the tool processes untrusted packet captures or traffic.

Recommended defensive actions

  • Upgrade tcpdump to a fixed release at or above 4.9.0, or to the vendor package version that includes the fix.
  • Inventory hosts and appliances that include tcpdump, including distro-packaged copies, and confirm package versions against the affected range.
  • Review downstream advisories and package updates from Debian, Red Hat, and Gentoo for distribution-specific fixed builds.
  • Reduce exposure to untrusted capture inputs where feasible until patched.
  • If immediate upgrading is not possible, remove or restrict tcpdump use on systems that do not require it.
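For the inventory step, the following is an added example (not code from PatchSiren or the tcpdump project) that classifies a tcpdump version banner against the "before 4.9.0" bound from the CVE description, which also covers NVD's range through 4.8.1. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PatchSiren or tcpdump project code).
# Bound taken from the CVE description on this page: "before 4.9.0" is affected.
FIXED_VERSION="4.9.0"

# Extract the dotted version from a banner like "tcpdump version 4.8.1".
extract_tcpdump_version() {
    printf '%s\n' "$1" |
        sed -n 's/^tcpdump version \([0-9][0-9.]*[0-9]\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 sorts strictly below $2 (numeric, per field).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print affected / not-affected / unknown for a version banner.
# "affected" is by upstream version only: a distro build may carry a backported
# fix under an older version number, so confirm against the distro advisory.
classify_banner() {
    v=$(extract_tcpdump_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed sample banners, so the script runs without tcpdump installed.
for banner in "tcpdump version 4.8.1" "tcpdump version 4.9.0" "tcpdump: not found"; do
    printf '%-24s -> %s\n' "$banner" "$(classify_banner "$banner")"
done

# Live check on this host, only if tcpdump is on PATH.
if command -v tcpdump >/dev/null 2>&1; then
    printf 'local tcpdump -> %s\n' "$(classify_banner "$(tcpdump --version 2>&1)")"
fi
```

An "unknown" result means the banner could not be parsed and the host needs a manual check rather than being counted as clean.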

Evidence notes

Primary evidence comes from the NVD CVE record and its metadata: the description states a buffer overflow in print-ppp.c:ppp_hdlc_if_print(), the weakness is CWE-119, and the CVSS 3.0 score is 9.8. NVD's CPE criteria mark tcpdump versions through 4.8.1 as vulnerable. The record also links to Debian, Red Hat, and Gentoo advisories that reflect vendor-side remediation. Note: the corpus contains a version-range difference between the human-readable description ('before 4.9.0') and the NVD CPE criteria ('up to 4.8.1').

Official resources

Published in the CVE record on 2017-01-28. The source corpus shows later metadata modification on 2026-05-13, but that is not the vulnerability date.