CVE-2020-13768

9.8 CRITICAL

📋 TL;DR

CVE-2020-13768 is a critical stack-based buffer overflow vulnerability in the MiniShare HTTP server that allows unauthenticated remote attackers to execute arbitrary code via specially crafted HTTP PUT requests. It affects all MiniShare versions before 1.4.2. The product is discontinued, leaving users with no official vendor support.

💻 Affected Systems

Products:
  • MiniShare HTTP Server
Versions: All versions before 1.4.2
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration when the PUT method is enabled. The product is discontinued, with no official vendor support.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Remote code execution allowing attackers to gain control of the server, pivot to internal networks, and deploy malware.

🟢 If Mitigated

Limited impact if server is isolated with strict network controls, though buffer overflow could still cause denial of service.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation with public proof-of-concept available makes internet-facing instances extremely vulnerable.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The issue is similar to previous CVEs in the same product (CVE-2018-19861, CVE-2018-19862, CVE-2019-17601).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.2 (but product discontinued)

Vendor Advisory: None - product discontinued

Restart Required: Yes

Instructions:

1. Upgrade to version 1.4.2 if available
2. Restart MiniShare service
3. Verify PUT method is disabled

🔧 Temporary Workarounds

Disable HTTP PUT Method

Platform: all

Disable the PUT method in the MiniShare configuration to prevent exploitation.

Edit the MiniShare configuration file to remove or comment out PUT method support.

Network Segmentation

Platform: all

Restrict network access to the MiniShare server.

Linux (firewalld; a permanent change only takes effect after a reload):
firewall-cmd --permanent --remove-service=http --zone=public
firewall-cmd --reload

Windows:
netsh advfirewall firewall add rule name="Block MiniShare" dir=in action=block protocol=TCP localport=80,443

🧯 If You Can't Patch

  • Immediately remove MiniShare from production environments
  • Replace with maintained HTTP server software (Apache, Nginx, IIS)

🔍 How to Verify

Check if Vulnerable:

Check the MiniShare version: if it is below 1.4.2, the system is vulnerable. Send a test HTTP PUT request to see if the server responds.

Check Version:

Check the MiniShare interface or configuration file for version information.

Verify Fix Applied:

Verify that the version is 1.4.2 or higher. Test that HTTP PUT requests are rejected or disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP PUT requests
  • Large payloads in PUT requests
  • Stack overflow errors in system logs

Network Indicators:

  • HTTP PUT requests with oversized headers or data
  • Multiple failed PUT attempts
  • Shellcode patterns in HTTP traffic

SIEM Query:

source="minishare.log" AND (method="PUT" AND (bytes>10000 OR contains(data,"\x90\x90")))
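
The logic of the SIEM query above, extended with the "multiple failed PUT attempts" indicator, as a standalone Python filter. This is an added example, not code from this page or from MiniShare; the key=value log layout, the field names (src, status, data), the failed-PUT threshold and the sample lines are assumptions.

```python
import re
from collections import Counter

# 10000 bytes and the \x90\x90 marker come from the SIEM query above;
# the failed-PUT threshold is an assumed value to tune locally.
MAX_PUT_BYTES = 10000
NOP_MARKER = r"\x90\x90"  # escaped form, as a text log would record raw bytes
FAILED_PUT_THRESHOLD = 3
# Assumed key=value layout; MiniShare's real log format is not given on the page.
FIELD_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    'ts=2020-06-01T10:00:00Z src=192.0.2.10 method=GET status=200 bytes=512 data=""',
    'ts=2020-06-01T10:00:05Z src=192.0.2.44 method=PUT status=400 bytes=120 data="hello"',
    'ts=2020-06-01T10:00:06Z src=192.0.2.44 method=PUT status=400 bytes=15000 data="AAAA"',
    r'ts=2020-06-01T10:00:07Z src=192.0.2.44 method=PUT status=500 bytes=900 data="\x90\x90\x90"',
    'ts=2020-06-01T10:01:00Z src=198.51.100.7 method=PUT status=201 bytes=300 data="report"',
]

def parse_line(line):
    """Split one log line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def detect(lines):
    """Return (alerts, noisy_sources) for PUT requests matching the indicators."""
    alerts, failed = [], Counter()
    for lineno, line in enumerate(lines, 1):
        f = parse_line(line)
        if f.get("method", "").upper() != "PUT":
            continue
        reasons = []
        size = f.get("bytes", "")
        if not size.isdecimal():
            reasons.append("missing or malformed bytes field")
        elif int(size) > MAX_PUT_BYTES:
            reasons.append("oversized PUT")
        if NOP_MARKER in f.get("data", ""):
            reasons.append("NOP-like byte run")
        if f.get("status", "")[:1] in ("4", "5"):
            failed[f.get("src", "?")] += 1
        if reasons:
            alerts.append((lineno, f.get("src", "?"), reasons))
    noisy = sorted(s for s, n in failed.items() if n >= FAILED_PUT_THRESHOLD)
    return alerts, noisy

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A PUT line with a missing or non-numeric bytes field is flagged rather than silently skipped, so a malformed record cannot slip past the size check.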
