CVE-2017-5482 Tcpdump CVE debrief

Who should care

Security teams, Linux distro maintainers, and operators who use tcpdump to inspect untrusted packet captures or traffic, especially on systems running tcpdump 4.8.1 or earlier.

Technical summary

NVD describes a buffer overflow in print-fr.c:q933_print() in tcpdump's Q.933 parser, classified as CWE-119. The CVSS v3.0 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8), indicating a critical issue with no privileges or user interaction required once the vulnerable parser is reached. The CVE description explicitly notes this is distinct from CVE-2016-8575.

Defensive priority

Critical

Recommended defensive actions

• Upgrade tcpdump to 4.9.0 or later, or install vendor backports that include the fix.
• Inventory hosts and appliances that ship tcpdump, including distro packages, and verify versions are not 4.8.1 or earlier.
• Prefer trusted capture sources and minimize exposure of tcpdump to untrusted or attacker-controlled packet data.
• Track vendor advisories and package errata linked in the CVE record for distribution-specific remediation status.

Evidence notes

Primary evidence comes from the NVD CVE record, which identifies a buffer overflow in q933_print(), classifies it as CWE-119, and lists tcpdump versions through 4.8.1 as vulnerable. The CVE description states the issue is different from CVE-2016-8575. Downstream remediation references are present for Debian, Red Hat, and Gentoo, supporting broad package-level impact.

Official resources