PatchSiren

CVE-2017-5483 Tcpdump CVE debrief

CVE-2017-5483 is a critical memory-corruption flaw in tcpdump’s SNMP parsing logic. The vulnerability is described as a buffer overflow in print-snmp.c:asn1_parse(), affecting tcpdump before 4.9.0; NVD also maps vulnerable tcpdump versions through 4.8.1. Because the CVSS base score is 9.8 with network vector, no privileges, and no user interaction, this should be treated as an urgent update item for any environment that uses tcpdump on untrusted packet data or capture files.

Vendor: Tcpdump
Product: CVE-2017-5483
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-28
Original CVE updated: 2026-05-13
Advisory published: 2017-01-28
Advisory updated: 2026-05-13

Who should care

Security teams, Linux and Unix platform owners, SOC and network engineering teams, and anyone running tcpdump in monitoring, troubleshooting, packet capture, or automated analysis workflows. Systems that process attacker-controlled or externally sourced SNMP traffic or capture files should be prioritized.

Technical summary

The underlying issue is a buffer overflow in the SNMP parser path of tcpdump, specifically in print-snmp.c:asn1_parse(). NVD classifies the weakness as CWE-119 and assigns CVSS 3.0 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that successful exploitation could impact confidentiality, integrity, and availability. The CVE description gives the affected software as tcpdump before 4.9.0, while NVD’s CPE metadata explicitly marks tcpdump versions up to 4.8.1 as vulnerable.

Defensive priority

Critical. Apply remediation promptly because the issue is network-reachable, requires no privileges or user interaction per CVSS, and is associated with complete CIA impact if exploited.

Recommended defensive actions

  • Upgrade tcpdump to 4.9.0 or later, or to the first vendor-fixed package version available in your distribution.
  • Inventory hosts, appliances, build systems, and analysis pipelines that invoke tcpdump, including scheduled jobs and troubleshooting utilities.
  • Treat untrusted packet captures and externally sourced network traffic as high-risk inputs until patched systems are confirmed.
  • Review distro advisories and package errata linked in the record for the exact fixed package version on your platform.
  • If immediate patching is not possible, reduce exposure by limiting where tcpdump is run and restricting who can analyze untrusted captures.
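
For the upgrade and inventory steps above, a version triage helper can sort hosts by their tcpdump banner. This is an added example, not part of the original advisory; the function names and result labels are hypothetical, and the sample banners are constructed.

```shell
#!/bin/sh
# Triage a tcpdump version banner against the upstream fix level for
# CVE-2017-5483. Distro packages can carry a backported fix under an older
# upstream version, so BELOW-FIX means "check the distro erratum", not proof.

FIXED="4.9.0"   # upstream fixed release named in the CVE description

# Pull "X.Y[.Z]" from the tcpdump line of a banner; ignores the libpcap line.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^tcpdump[^ ]* version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 is numerically lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# Print BELOW-FIX <ver>, AT-OR-ABOVE-FIX <ver>, or UNKNOWN for a banner.
classify_tcpdump() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_lt "$v" "$FIXED"; then
        echo "BELOW-FIX $v"
    else
        echo "AT-OR-ABOVE-FIX $v"
    fi
}

# Constructed sample banners, then the local binary if one is installed.
classify_tcpdump "tcpdump version 4.8.1"
classify_tcpdump "tcpdump version 4.9.0"
if command -v tcpdump >/dev/null 2>&1; then
    classify_tcpdump "$(tcpdump --version 2>&1)"
fi
```

Hosts reported as BELOW-FIX still need their package version compared with the distribution's advisory before being counted as unpatched.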

Evidence notes

The CVE description states: “The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().” NVD metadata assigns CVSS 3.0 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and CWE-119, and the CPE criteria mark tcpdump versions through 4.8.1 as vulnerable. The referenced advisories from Debian, Red Hat, and Gentoo confirm that downstream vendors issued fixes for this issue.

Official resources

CVE-2017-5483 was published on 2017-01-28. NVD’s record was last modified on 2026-05-13, but that does not change the original disclosure date.