Vulnerability Details : CVE-2020-13768
Potential exploit
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2020-13768
- cpe:2.3:a:minishare_project:minishare:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-13768
- 1.18%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-13768
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-13768
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-13768
- https://github.com/sartlabs/OSCE-Prep/blob/9a9d2471a9de09457f970be4ea1b57a74d26705a/My%20CVEs/Minishare_BOF_PUT.py
  OSCE-Prep/Minishare_BOF_PUT.py at 9a9d2471a9de09457f970be4ea1b57a74d26705a · sartlabs/OSCE-Prep · GitHub (Exploit; Third Party Advisory)