CVE-2016-7116

Published: Dec 10, 2016Modified: May 6, 2026

6.0

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Exploitability: 1.5 / Impact: 4.0

Source: NVD

Description

Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to access host files outside the export path via a .. (dot dot) in an unspecified string.

Affected (7)

Products: Qemu: Qemu · Debian: Debian Linux

1 product

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Up to 2.6.2
Qemu Qemu	Version 2.7.0 rc0
Qemu Qemu	Version 2.7.0 rc1
Qemu Qemu	Version 2.7.0 rc2
Qemu Qemu	Version 2.7.0 rc3
Qemu Qemu	Version 2.7.0 rc4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (16)

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2016/08/30/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/08/30/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/92680

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html

Source: secalert@redhat.com

Third Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201609-01

Source: secalert@redhat.com

Third Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=56f101ecce0eafd09e2daf1c4eeb1377d6959261

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/08/30/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/08/30/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/92680

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03917.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04231.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/201609-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.