PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-8574 Tcpdump CVE debrief

CVE-2016-8574 is a critical memory-safety flaw in tcpdump's FRF.15 (end-to-end multilink Frame Relay) parser. The CVE description records a buffer overflow in print-fr.c:frf15_print(), affecting tcpdump versions before 4.9.0. The NVD record maps the weakness to CWE-119 (improper restriction of operations within the bounds of a memory buffer) and rates it CVSS 3.0 9.8: the bug is reachable over the network and needs no privileges or user interaction, since tcpdump parses whatever it captures or reads from a pcap file.

Vendor: Tcpdump
Product: tcpdump
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Administrators, security teams, and developers who install or package tcpdump should pay attention, especially where tcpdump sniffs traffic from networks it does not control, reads pcap files from untrusted sources, or is embedded in distribution packages and appliances. Organizations that rely on distro-maintained tcpdump builds should confirm that their vendor's advisory has been applied, since distributions often backport the fix without changing the upstream version number.

Technical summary

The supplied corpus identifies a buffer overflow in tcpdump's FRF.15 parser, specifically in frf15_print() within print-fr.c. NVD associates the issue with CWE-119 and lists tcpdump versions through 4.8.1 as vulnerable, which is consistent with the CVE description's "before 4.9.0" (4.8.1 was the last release before 4.9.0). The vulnerable code is a link-layer dissector, so a malformed or truncated Frame Relay frame, whether captured live or read from a pcap file, is enough to reach it without any other precondition. Affected installations should therefore be treated as high priority for remediation.
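To make the CWE-119 point concrete, here is the unsafe dissector pattern shown beside its bounds-checked form. This is an added illustration, not tcpdump's print-fr.c and not the 4.9.0 fix: the two-byte header layout (B/E/C bits plus a 12-bit sequence number), the function and macro names, and the sample packet bytes are all assumptions constructed for the example. The only claim it makes is the general one the CVE describes: a parser that reads header bytes before checking how many bytes of the packet are actually present reads past the end of the packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed FRF.15 fragmentation header: two bytes. Byte 0 carries the
 * B (begin), E (end) and C (control) bits in its top three bits and the high
 * four bits of the sequence number in bits 4..1; byte 1 carries the low eight
 * bits of the 12-bit sequence number. This layout and every name below are
 * assumptions made for this example, not tcpdump's own code. */
#define FRF15_HDR_LEN   2
#define FRF15_B_BIT     0x80
#define FRF15_E_BIT     0x40
#define FRF15_C_BIT     0x20
#define FRF15_BEC_MASK  (FRF15_B_BIT | FRF15_E_BIT | FRF15_C_BIT)

struct frf15_hdr {
    uint8_t  flags;         /* B/E/C bits only */
    uint16_t sequence_num;  /* 12-bit fragment sequence number */
};

/* Unsafe pattern (CWE-119): header bytes are read before anything checks that
 * `length`, the number of packet bytes actually present, covers them. On a
 * one-byte packet the read of p[1] lands past the end of the packet data. */
int frf15_parse_unchecked(const uint8_t *p, size_t length, struct frf15_hdr *out)
{
    (void)length;   /* never consulted: this is the bug */
    out->flags = p[0] & FRF15_BEC_MASK;
    out->sequence_num = (uint16_t)(((p[0] & 0x1e) << 7) | p[1]);
    return 0;
}

/* Hardened pattern: bound the access before the first read and refuse to
 * parse a header that is not fully present. */
int frf15_parse_checked(const uint8_t *p, size_t length, struct frf15_hdr *out)
{
    if (length < FRF15_HDR_LEN)
        return -1;  /* truncated: report and stop, read nothing */
    out->flags = p[0] & FRF15_BEC_MASK;
    out->sequence_num = (uint16_t)(((p[0] & 0x1e) << 7) | p[1]);
    return 0;
}

/* Constructed samples (not real captures). sample_truncated models a capture
 * that recorded only ONE byte of the header (length 1); the 0xAA after it is a
 * canary that is not part of the packet, kept inside the array so the unsafe
 * read can be observed without undefined behaviour. */
static const uint8_t sample_full[]      = { 0xc5, 0x17 };
static const uint8_t sample_truncated[] = { 0xc5, 0xAA };
#define TRUNCATED_LEN 1

/* Return the parsed sequence number, or -1 if the parser refused. */
int seq_unchecked(const uint8_t *p, size_t length)
{
    struct frf15_hdr h = {0, 0};
    return frf15_parse_unchecked(p, length, &h) ? -1 : (int)h.sequence_num;
}

int seq_checked(const uint8_t *p, size_t length)
{
    struct frf15_hdr h = {0, 0};
    return frf15_parse_checked(p, length, &h) ? -1 : (int)h.sequence_num;
}

/* Return the parsed B/E/C flags, or -1 if the parser refused. */
int flags_checked(const uint8_t *p, size_t length)
{
    struct frf15_hdr h = {0, 0};
    return frf15_parse_checked(p, length, &h) ? -1 : (int)h.flags;
}

int main(void)
{
    printf("full packet, checked:        seq=%d flags=0x%02x\n",
           seq_checked(sample_full, sizeof sample_full),
           flags_checked(sample_full, sizeof sample_full));
    printf("truncated packet, checked:   seq=%d (refused)\n",
           seq_checked(sample_truncated, TRUNCATED_LEN));
    printf("truncated packet, unchecked: seq=%d (canary 0xAA folded in)\n",
           seq_unchecked(sample_truncated, TRUNCATED_LEN));
    return 0;
}
```

The unchecked parser happily returns a sequence number built from the canary byte, which in a real dissector means reading whatever sits after the captured packet in memory; the checked parser refuses the truncated frame before touching it. Checking the remaining capture length before each field read is the whole fix pattern, and it is what makes truncated-capture and malformed-frame inputs safe regardless of how the frame arrived.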

Defensive priority

High. The vulnerability is rated critical (CVSS 9.8) and sits in a link-layer dissector that runs on every matching frame. Treat upgrades as urgent, especially on systems that capture traffic from untrusted networks, open pcap files of unknown origin, or run tcpdump inside automated analysis pipelines where a crafted input arrives without human review.

Recommended defensive actions

  • Upgrade tcpdump to a fixed release at or beyond 4.9.0, or install the vendor-packaged security update for your distribution.
  • Inventory systems and appliances that include tcpdump, including embedded or bundled copies, and confirm the installed version is not in the affected range (tcpdump --version prints it; for distro builds, rely on the package version and advisory rather than the upstream number, which backports may leave unchanged).
  • Validate remediation using package manager records or vendor advisories such as Debian DSA-3775, Red Hat RHSA-2017:1871, and Gentoo GLSA 201702-30 listed in the corpus.
  • If tcpdump is not required on a system, remove or restrict it to reduce exposure to parsing untrusted traffic captures.
  • Monitor security baselines and change-management records for any older tcpdump builds that may have been missed during patching.

Evidence notes

This debrief is based only on the supplied NVD/CVE corpus and linked official or vendor-advisory references. The core facts are: a FRF.15 parser buffer overflow in tcpdump before 4.9.0; CWE-119 classification; CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; and affected CPE coverage through 4.8.1 in NVD. No exploit code, reproduction steps, or unsupported impact claims are included.

Official resources

Publicly disclosed in the CVE record on 2017-01-28. No CISA KEV entry was provided in the supplied corpus.