summary refs log tree commit diff stats
path: root/results/classifier/deepseek-r1:32b/output/runtime/1812451
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/deepseek-r1:32b/output/runtime/1812451')
-rw-r--r--results/classifier/deepseek-r1:32b/output/runtime/181245117
1 files changed, 17 insertions, 0 deletions
diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1812451 b/results/classifier/deepseek-r1:32b/output/runtime/1812451
new file mode 100644
index 000000000..208d03c34
--- /dev/null
+++ b/results/classifier/deepseek-r1:32b/output/runtime/1812451
@@ -0,0 +1,17 @@
+
+
+
+In windows host, tftp arbitrary file read vulnerability
+
+https://github.com/qemu/qemu/blob/master/slirp/tftp.c#L343
+
+  if (!strncmp(req_fname, "../", 3) ||
+      req_fname[strlen(req_fname) - 1] == '/' ||
+      strstr(req_fname, "/../")) {
+      tftp_send_error(spt, 2, "Access violation", tp);
+      return;
+  }
+
+There are file path check for not allowing escape tftp directory.
+But, in windows, file path is separated by "\" backslash.
+So, guest can read arbitrary file in Windows host.
\ No newline at end of file