CVE-2017-20227

CRITICAL

JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20227. PoCs published by Juan Sacco.

AI-analyzed exploit summary This exploit leverages a stack-based buffer overflow in JAD (Java Decompiler) 1.5.8e-1kali1 to achieve arbitrary code execution via a ROP chain. It constructs a payload that writes '/bin//sh' into memory and executes it using int 0x80.

Description

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

Exploits (1)

exploitdb WORKING POC

by Juan Sacco · pythonlocallinux

https://www.exploit-db.com/exploits/42255

View Code ZIP pw:eip

This exploit leverages a stack-based buffer overflow in JAD (Java Decompiler) 1.5.8e-1kali1 to achieve arbitrary code execution via a ROP chain. It constructs a payload that writes '/bin//sh' into memory and executes it using int 0x80.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JAD (Java Decompiler) 1.5.8e-1kali1 and prior

No auth needed

Prerequisites: JAD installed on the target system · ability to execute the exploit locally

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-42255

https://www.exploit-db.com/exploits/42255

Product product

Official Product Homepage

http://www.varaneckas.com/jad/

Third Party Advisory third-party-advisory

VulnCheck Advisory: JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow

Scores

CVSS v3 9.8

EPSS 0.0067

EPSS Percentile 46.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-787

Status published

Products (2)

Varaneckas/JAD Java Decompiler 1.5.8e

varaneckas/jad_java_decompiler 1.5.8e-1kali1

Published Mar 28, 2026

Tracked Since Mar 29, 2026