CVE-2020-7211 — Path Traversal in Project Libslirp

CWE-22 — Path Traversal9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 46.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libslirp Project Libslirp Qemu

Timeline

PublishedJan 21

Latest updateMay 24

Description

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDqemu/qemu4.2.0

▶NVDlibslirp_project/libslirp4.1.0

Patches

Patch: gitlab.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-g6ww-98w5-h2gm: tftp↗2022-05-24

▶

OSV

CVE-2020-7211: tftp↗2020-01-21

▶

CVEList

CVE-2020-7211: tftp↗2020-01-21

▶

📋Vendor Advisories

Microsoft

tftp.c in libslirp 4.1.0 as used in QEMU 4.2.0 does not prevent ..\ directory traversal on Windows.↗2020-01-14

▶

Debian

CVE-2020-7211: libslirp - tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory ...↗2020

▶

Red Hat

QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host↗2019-12-30

▶

💬Community

Bugzilla

CVE-2020-7211 qemu: Slirp: potential directory traversal using relative paths via tftp server on Windows host [fedora-all]↗2020-01-17

▶

Bugzilla

CVE-2020-7211 QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host↗2020-01-17

▶