PatchSiren

CVE-2016-8575 Tcpdump CVE debrief

CVE-2016-8575 is a critical memory-safety issue in tcpdump's Q.933 parser, specifically print-fr.c:q933_print(). The CVE record describes a buffer overflow in tcpdump before 4.9.0, and NVD maps the affected CPE through 4.8.1. NVD rates the issue CVSS 3.0 9.8 (network reachable, low complexity, no privileges, no user interaction) with CWE-119. Public advisories and fixes were issued by Debian, Red Hat, and Gentoo in 2017.

Vendor: Tcpdump
Product: CVE-2016-8575
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Anyone running tcpdump on servers, analyst workstations, appliances, or in build/test environments should care, especially teams processing untrusted packet captures. Distro maintainers and security responders should also verify patched package versions.

Technical summary

The vulnerable code path is the Q.933 parser in tcpdump's print-fr.c:q933_print(), where malformed input can trigger a buffer overflow. The NVD record classifies the weakness as CWE-119 and assigns CVSS 3.0 vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The corpus ties the issue to tcpdump and includes vendor and distro advisories indicating package-level remediation.

Defensive priority

Critical. This is a remotely reachable parsing flaw in a widely used packet analysis tool, with high confidentiality, integrity, and availability impact in the NVD assessment. Prioritize patching any exposed or frequently used tcpdump deployments.

Recommended defensive actions

  • Upgrade tcpdump to a fixed release at or above 4.9.0, or install the vendor/distro security update provided for your platform.
  • Check whether your Linux distribution has already shipped a patched package via Debian DSA-3775, RHSA-2017:1871, or Gentoo GLSA 201702-30.
  • Inventory systems that still carry tcpdump 4.8.1 or earlier and schedule remediation.
  • Avoid processing untrusted packet captures with vulnerable tcpdump builds until patched.
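
One way to run the inventory step above, as an added example that is not part of the original advisory: a POSIX shell helper that reads a tcpdump version banner and compares it numerically against the 4.9.0 fix threshold. The function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): triage tcpdump version banners
# against the first fixed upstream release named in the CVE record.
FIXED_VERSION="4.9.0"

# Pull the dotted version out of the "tcpdump version X.Y.Z" banner line.
extract_tcpdump_version() {
    printf '%s\n' "$1" |
        sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Succeed (0) when version $1 is lower than $2. Components are compared
# as integers, so 4.10.0 is correctly newer than 4.9.0.
version_lt() {
    _a="$1.0.0"; _b="$2.0.0"    # pad so short versions still have 3 fields
    for _i in 1 2 3; do
        _x=$(printf '%s\n' "$_a" | cut -d. -f"$_i")
        _y=$(printf '%s\n' "$_b" | cut -d. -f"$_i")
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 1
    done
    return 1                     # equal is not "lower"
}

# Print "VULNERABLE <ver>", "FIXED <ver>" or "UNKNOWN" for one banner.
classify_banner() {
    _v=$(extract_tcpdump_version "$1")
    if [ -z "$_v" ]; then
        echo "UNKNOWN"
    elif version_lt "$_v" "$FIXED_VERSION"; then
        echo "VULNERABLE $_v"
    else
        echo "FIXED $_v"
    fi
}

# Constructed sample banners; on a live host pass "$(tcpdump --version 2>&1)".
for banner in "tcpdump version 4.8.1" "tcpdump version 4.9.0" \
              "tcpdump version 4.10.0" "unexpected output"; do
    printf '%-26s -> %s\n' "$banner" "$(classify_banner "$banner")"
done
```

The banner only reflects the upstream version string, so judge a distro package by its advisory (DSA-3775, RHSA-2017:1871, GLSA 201702-30) as well as by this result.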

Evidence notes

The CVE record published on 2017-01-28 identifies a buffer overflow in tcpdump before 4.9.0 and links to Debian, Red Hat, Gentoo, SecurityFocus, SecurityTracker, and a Debian mailing-list discussion. NVD's detail page supplies the CVSS vector, CWE-119 classification, and the vulnerable CPE range. The source item was last modified on 2026-05-13, which is a record-update date rather than the vulnerability's disclosure date.

Official resources

CVE published on 2017-01-28T01:59:01.013Z. The NVD source item was last modified on 2026-05-13T00:24:29.033Z. Treat the publication date as the disclosure date and the modification date as a later record update.