Peter Maydell

Researcher from Linaro
#17957 of 53,633
15 Total CVSS
Vulnerabilities · 2
High
2
PT-2020-19467
7.5
2020-01-21
Qemu · Libslirp · CVE-2020-7211
**Name of the Vulnerable Software and Affected Versions**
libslirp version 4.1.0
QEMU version 4.2.0

**Description**
`tftp.c` in libslirp does not prevent directory traversal on Windows.

**Recommendations**
For libslirp version 4.1.0, consider restricting directory access to prevent traversal. For QEMU version 4.2.0, restrict the use of `tftp.c` until a fix is available.

PT-2017-1619
7.5
2017-03-20
Qemu · Qemu · CVE-2017-6058
**Name of the Vulnerable Software and Affected Versions**
QEMU (affected versions not specified)

**Description**
The issue is caused by a buffer overflow in the NetRxPkt component of QEMU's hardware emulation. This can be exploited by a remote attacker to cause a denial of service by crashing the QEMU process through out-of-bounds access. The vulnerability is related to the VLANSTRIP feature enabled on the vmxnet3 device.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.