In Windows host, tftp arbitrary file read vulnerability
Bug #1812451 reported by jusunLee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU | Fix Released | Undecided | Unassigned | | |
Bug Description
https:/
if (!strncmp(
req_
strstr(
tftp_
return;
}
There is a file path check to prevent escaping the tftp directory.
But on Windows, file paths are separated by "\" (backslash).
So a guest can read arbitrary files on a Windows host.
This bug is a variant of CVE-2019-2553 - Directory traversal vulnerability.
description: | updated |
description: | updated |
information type: | Private Security → Public |
Changed in qemu: | |
status: | New → Fix Committed |
Changed in qemu: | |
status: | Fix Committed → Fix Released |
This is fixed upstream by https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
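The gap described in the bug report, as an added example that is not part of the report and is not QEMU or libslirp code: a filename check that only recognises "/" as a separator, next to a hypothetical check that splits on both "/" and "\". The function names and the request names are constructed for illustration, and the slash-only check is a stand-in for the truncated snippet above.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a check that only treats '/' as a separator
 * (assumption: the page's snippet is truncated, this is not QEMU's code). */
static bool slash_only_rejects(const char *name)
{
    size_t n = strlen(name);
    return n == 0 || !strncmp(name, "../", 3) ||
           name[n - 1] == '/' || strstr(name, "/../") != NULL;
}

static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical hardened check: split on both separators and reject any
 * ".." component, plus names that are empty or end in a separator. */
static bool both_seps_rejects(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || is_sep(name[n - 1]))
        return true;
    for (const char *p = name; *p; ) {
        const char *start = p;
        while (*p && !is_sep(*p))
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return true;
        if (*p)
            p++;
    }
    return false;
}

int main(void)
{
    /* Constructed request names, not taken from the bug report. */
    const char *names[] = { "pxelinux.cfg/default", "../secret.txt",
                            "a/../../secret.txt", "..\\secret.txt",
                            "a\\..\\..\\secret.txt", "a..b.img" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s slash-only:%-7s both-seps:%s\n", names[i],
               slash_only_rejects(names[i]) ? "reject" : "accept",
               both_seps_rejects(names[i]) ? "reject" : "accept");
    return 0;
}
```

On a POSIX host "\" is an ordinary filename character, so a check like this one is stricter than needed there; it matters on hosts where the filesystem API treats "\" as a path separator.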