Synced 17 Jun 2026 12:26 UTC Account
← All products

CVE-2020-7211

HIGH severity · CVSS 7.5 · Path traversal
7.5CVSS HIGH

Summary

tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)4%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products we track (1)

QEMU

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 ↗

Additional information