CVE-2020-7211

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.
Path Traversal
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
libslirp_projectlibslirp
4.1.0
qemuqemu
4.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libslirp
bullseye
vulnerable
bookworm
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libslirp
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
dne
qemu
eoan
not-affected
disco
ignored
bionic
not-affected
xenial
not-affected
trusty
not-affected
qemu-kvm
eoan
dne
disco
dne
bionic
dne
xenial
dne
trusty
dne