CVE-2018-19861
Description
MiniShare 1.4.1 and earlier suffers from a buffer overflow in the HTTP HEAD request handling, allowing remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A buffer overflow exists in MiniShare versions 1.4.1 and earlier when processing a long HTTP HEAD request. The overflow occurs due to insufficient bounds checking on the request line. The code path is reachable when an attacker sends an oversized HEAD (or POST) request to the server; the difference in vulnerability offset between GET and HEAD/POST is only 1 byte [1]. This product is discontinued.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted long HTTP HEAD request to the MiniShare server. The attacker must be able to reach the server over the network. No user interaction or prior authentication is required. The exploit requires approximately 210 bytes to reach the shellcode, with bad characters being 0x00 and 0x0d; a jump to esp instruction (e.g., from kernel32.dll on Windows XP SP3 English) is used to redirect execution to attacker-controlled shellcode [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the target system with the privileges of the MiniShare process. This typically results in a full system compromise, including potential for information disclosure, system modification, or denial of service. The attacker gains remote code execution without authentication [1].
Mitigation
No fix is available as MiniShare is discontinued. Users should immediately retire and remove this software from any environment. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog as of the publication date. No workaround exists other than decommissioning the service [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds checking on the HTTP HEAD request line allows a stack-based buffer overflow."
Attack vector
An unauthenticated remote attacker sends an HTTP HEAD request with an overly long URI to the MiniShare server on TCP port 80. The server copies the attacker-supplied string into a stack buffer without length validation, overwriting the saved return address and other stack data. Because the GET method was already known to be vulnerable (CVE-2004-2271), the HEAD (and POST) methods are exploited identically, differing only by one byte in the method length [1]. The attacker can then hijack EIP to redirect execution to attacker-controlled shellcode.
Affected code
The advisory does not specify a particular function or file path; the product MiniShare 1.4.1 (discontinued) is the affected component. The vulnerability lies in the HTTP HEAD request handler, which fails to bounds-check the length of the request line before copying it into a fixed-size buffer.
What the fix does
No patch is available; the product is discontinued and the vendor has not released a fix. The advisory notes that the HEAD and POST methods suffer the same stack buffer overflow as the previously reported GET-method bug (CVE-2004-2271) [1]. The only remediation is to discontinue use of MiniShare or to block access to the service at the network perimeter.
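One way to support the perimeter blocking described above is to flag over-long or binary request lines before they reach the legacy server. This is an added example, not code from the advisory or from MiniShare; the `MAX_REQUEST_LINE` threshold, the function names and the sample traffic are assumptions constructed for illustration.

```python
import re

# Assumption: the longest request line legitimate clients send to this
# server; tune per environment. It is not a value from the advisory.
MAX_REQUEST_LINE = 256
# Methods the page names as reaching the overflow (GET is CVE-2004-2271).
AFFECTED_METHODS = {b"GET", b"HEAD", b"POST"}
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")
PRINTABLE = re.compile(rb"[\x20-\x7e]*")


def inspect_request(raw: bytes, limit: int = MAX_REQUEST_LINE) -> list:
    """Return the reasons a raw HTTP request's first line looks hostile."""
    line, crlf, _ = raw.partition(b"\r\n")
    method = line.split(b" ", 1)[0]
    reasons = []
    if method in AFFECTED_METHODS and len(line) > limit:
        reasons.append("oversized-request-line")
    if not PRINTABLE.fullmatch(line):
        reasons.append("non-printable-bytes")
    if not crlf or not REQUEST_LINE.fullmatch(line):
        reasons.append("malformed-request-line")
    return reasons


def scan(capture, limit: int = MAX_REQUEST_LINE) -> list:
    """Return (source, method, length, reasons) for each flagged request."""
    alerts = []
    for source, raw in capture:
        reasons = inspect_request(raw, limit)
        if reasons:
            line = raw.partition(b"\r\n")[0]
            method = line.split(b" ", 1)[0][:8].decode("ascii", "replace")
            alerts.append((source, method, len(line), reasons))
    return alerts


# Constructed sample traffic (not captured from a real host).
SAMPLE = [
    ("10.0.0.5", b"HEAD /files/report.pdf HTTP/1.1\r\nHost: share\r\n\r\n"),
    ("10.0.0.6", b"GET / HTTP/1.1\r\nHost: share\r\n\r\n"),
    ("10.0.0.7", b"HEAD " + b"A" * 2000 + b" HTTP/1.1\r\n\r\n"),
    ("10.0.0.8", b"POST /\x80\x81\xff HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

The same checks can run over reassembled request payloads from a packet capture or in a reverse proxy that rejects flagged requests before forwarding them.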
Preconditions
- network: The MiniShare server must be running and listening on a network-accessible port (default TCP 80).
- auth: No authentication is required; the attacker can send a raw HTTP HEAD request to the server.
Reproduction
The public PoC at https://www.exploit-db.com/exploits/45999/ provides a Python script that connects to MiniShare 1.4.1 on 127.0.0.1:80 and sends a crafted HTTP HEAD request. The request contains an egghunter followed by a Metasploit-generated bind-shell payload (port 4444) that avoids the bad bytes `0x00` and `0x0d`. When the server processes the oversized HEAD request, it overwrites the saved return address, and the egghunter locates and executes the shellcode in memory [1].
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
- www.exploit-db.com/exploits/45999/ (mitre, exploit, x_refsource_EXPLOIT-DB)
- packetstormsecurity.com/files/150689/MiniShare-1.4.1-HEAD-POST-Buffer-Overflow.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2018/Dec/19 (mitre, mailing-list, x_refsource_FULLDISC)