tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. CREATE(Triage):(User=admin) CVE-2020-7211 (https://nvd.nist.gov/vuln/detail/CVE-2020-7211)