CVE Catalog

CVE-2020-7211

Low
Published: Translated: NVD NIST

Summary

In version 4.1.0 of the libslirp library, used in QEMU 4.2.0, there is a vulnerability that allows directory traversal attacks on Windows systems.

Risk Assessment

An attacker may gain access to files outside the allowed directory, potentially leading to the disclosure of sensitive data or system compromise.

Recommendation

It is recommended to update libslirp to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS