CVE-2017-20227

CRITICAL

JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

Title source: cna

Description

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

Exploits (1)

exploitdb WORKING POC
by Juan Sacco · pythonlocallinux
https://www.exploit-db.com/exploits/42255

References (3)

Scores

CVSS v3 9.8
EPSS 0.0007
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
Varaneckas/JAD Java Decompiler 1.5.8e
varaneckas/jad_java_decompiler 1.5.8e-1kali1
Published Mar 28, 2026
Tracked Since Mar 29, 2026