PatchSiren

CVE-2016-7940 Tcpdump CVE debrief

CVE-2016-7940 is a critical memory-safety issue in tcpdump’s STP parser. According to NVD, tcpdump versions through 4.8.1 are affected, and the issue is described as a buffer overflow in print-stp.c affecting multiple functions. The CVSS base score is 9.8 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impact if malformed traffic or capture content is processed by a vulnerable build.

Vendor: Tcpdump
Product: CVE-2016-7940
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Security teams, Linux distribution maintainers, and administrators who use tcpdump to inspect or process packet captures should prioritize this issue, especially where untrusted network data or shared capture files may be analyzed.

Technical summary

The vulnerable component is the STP parser in tcpdump’s print-stp.c. NVD classifies the weakness as CWE-119 and records a buffer overflow affecting multiple functions. The vulnerability applies to tcpdump versions up to and including 4.8.1; the description also states the issue is present before 4.9.0.

Defensive priority

Critical

Recommended defensive actions

  • Upgrade tcpdump to 4.9.0 or later, as indicated by the version boundary in the advisory data.
  • Confirm package versions on endpoints and in base images, especially on systems that analyze packet captures.
  • Treat untrusted capture files and network traces as potentially dangerous inputs until patched versions are deployed.
  • Use vendor or distribution advisories to verify backported fixes where a full version upgrade is not immediately available.
  • Rebuild or redeploy any automation, appliances, or containers that bundle an affected tcpdump release.
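
One way to carry out the version check from the list above, as an added example that is not part of the original advisory: it classifies the first line printed by `tcpdump --version` against the 4.9.0 boundary. The host names, the inventory format and the result labels are assumptions made for this sketch, and the banner lines are constructed sample data.

```shell
#!/bin/sh
# Added example: sort tcpdump builds around the 4.9.0 boundary given in the advisory.
FIXED="4.9.0"

# Extract the dotted version from a "tcpdump version X.Y.Z" banner line.
tcpdump_version() {
    printf '%s\n' "$1" |
        sed -n 's/^tcpdump[^ ]* version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed when version $1 is lower than $2, comparing dotted fields numerically
# (so 4.10.0 is correctly treated as newer than 4.9.0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Print "affected-range", "fixed-range" or "unknown" for one banner line.
classify_banner() {
    v=$(tcpdump_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_lt "$v" "$FIXED"; then echo affected-range
    else echo fixed-range
    fi
}

# Constructed inventory, one "<host>|<banner line>" entry per line.
SAMPLE='build-01|tcpdump version 4.8.1
sensor-02|tcpdump version 4.9.3
img-base|tcpdump version 4.99.1
legacy-03|tcpdump version 4.7.4
jump-04|command not found'

# Print "<host> <classification>" for every inventory entry.
report() {
    printf '%s\n' "$1" | while IFS='|' read -r host banner; do
        printf '%s %s\n' "$host" "$(classify_banner "$banner")"
    done
}

report "$SAMPLE"
```

A result of affected-range reflects the upstream version string only; a distribution package with a backported fix can still report a version below 4.9.0, so confirm those hosts against the vendor or distribution advisory.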

Evidence notes

The CVE record and NVD entry identify tcpdump as the affected product and describe a buffer overflow in the STP parser within print-stp.c. NVD lists vulnerable versions through 4.8.1 inclusive and assigns CWE-119 with a CVSS 3.0 base score of 9.8. The NVD metadata also links vendor/distribution advisories from Debian, Red Hat, and Gentoo that can be used to verify remediation status.

Official resources

CVE-2016-7940 was published on 2017-01-28. The supplied source data shows a later NVD metadata modification on 2026-05-13; that date reflects record maintenance, not the original issue date.