Main Vulnerability Database Vulnerabilities #VU25457

#VU25457 Path traversal in libslirp - CVE-2020-7211

Published: February 19, 2020 / Updated: April 28, 2020

Vulnerability identifier: #VU25457

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-7211

CWE-ID: CWE-22

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
libslirp

Software vendor:
Freedesktop.org

Description

The vulnerability allows an attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within tftp.c in libslirp. A remote attacker can send a specially crafted TFPT request and read arbitrary files on the Windows system.

Remediation

Install update from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2020/01/17/2
https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
https://security-tracker.debian.org/tracker/CVE-2020-7211

#VU25457 Path traversal in libslirp - CVE-2020-7211

Description

Remediation

External links

Please verify you're human