diff --git a/pkgs/tools/networking/tcpdump/default.nix b/pkgs/tools/networking/tcpdump/default.nix
index fd7b203fbbf..fa555ad4f99 100644
--- a/pkgs/tools/networking/tcpdump/default.nix
+++ b/pkgs/tools/networking/tcpdump/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libpcap, perl }:
+{ stdenv, fetchurl, libpcap, perl, fetchpatch }:
 
 stdenv.mkDerivation rec {
   pname = "tcpdump";
@@ -9,6 +9,14 @@ stdenv.mkDerivation rec {
     sha256 = "0434vdcnbqaia672rggjzdn4bb8p8dchz559yiszzdk0sjrprm1c";
   };
 
+  patches = [
+    # Patch for CVE-2020-8037
+    (fetchpatch {
+      url = "https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231.patch";
+      sha256 = "sha256-bO3aV032ru9+M/9isBRjmH8jTZLKj9Zf9ha2rmOaZwc=";
+    })
+  ];
+
   postPatch = ''
     patchShebangs tests
   '';