diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-07 17:23:11 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-07 17:23:11 +0000 |
| commit | c50b0c4da17b6e83640e4ed2380fffb5f507c846 (patch) | |
| tree | b4f203fce1380e2ea3578a784bb8ee060fe42cbd /results/classifier/zero-shot-user-mode/output/instruction/1812451 | |
| parent | 61361f925d4914a6608a0076e64cc2399311ed5f (diff) | |
| download | qemu-analysis-c50b0c4da17b6e83640e4ed2380fffb5f507c846.tar.gz qemu-analysis-c50b0c4da17b6e83640e4ed2380fffb5f507c846.zip | |
add zero-shot results
Diffstat (limited to 'results/classifier/zero-shot-user-mode/output/instruction/1812451')
| -rw-r--r-- | results/classifier/zero-shot-user-mode/output/instruction/1812451 | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/results/classifier/zero-shot-user-mode/output/instruction/1812451 b/results/classifier/zero-shot-user-mode/output/instruction/1812451 new file mode 100644 index 000000000..13ec90c3b --- /dev/null +++ b/results/classifier/zero-shot-user-mode/output/instruction/1812451 @@ -0,0 +1,20 @@ +instruction: 0.634 +syscall: 0.225 +runtime: 0.141 + + + +In windows host, tftp arbitrary file read vulnerability + +https://github.com/qemu/qemu/blob/master/slirp/tftp.c#L343 + + if (!strncmp(req_fname, "../", 3) || + req_fname[strlen(req_fname) - 1] == '/' || + strstr(req_fname, "/../")) { + tftp_send_error(spt, 2, "Access violation", tp); + return; + } + +There are file path check for not allowing escape tftp directory. +But, in windows, file path is separated by "\" backslash. +So, guest can read arbitrary file in Windows host. \ No newline at end of file |