CVE-2020-13768

moderate-risk
Published 2020-06-04

In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.

Do I need to act?

~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Minishare Project

References (2)

Exploit https://github.com/sartlabs/OSCE-Prep/blob/9a9d2471a9de09457f970be4ea1b57a74d267...
Exploit https://github.com/sartlabs/OSCE-Prep/blob/9a9d2471a9de09457f970be4ea1b57a74d267...
41
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 4/34 · Minimal
Exposure 5/34 · Minimal