A potential directory traversal issue was found in the tftp server
of the SLiRP user-mode networking implementation used by QEMU.
It could occur on Windows host, as it allows to use both forward ('/')
and backward slash('\') tokens as separators in a file path.
A user able to access the tftp server could use this flaw to access
undue files by using relative paths.
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1792132]
Name: Reno Robert
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This issue affects user-mode or SLiRP networking implementation of the QEMU emulator. Though qemu-kvm package is built with SLiRP networking support, due to its limitations, it is not used by the virtual machine guests by default.
This issue does not affect the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 5, 6, 7, 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.