{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2017-20227", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:44:17.954Z", "datePublished": "2026-03-28T11:58:11.134Z", "dateUpdated": "2026-04-01T13:59:49.724Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:11.134Z"}, "title": "JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow", "descriptions": [{"lang": "en", "value": "JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Varaneckas", "product": "JAD Java Decompiler", "versions": [{"version": "1.5.8e", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/42255", "name": "ExploitDB-42255", "tags": ["exploit"]}, {"url": "http://www.varaneckas.com/jad/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow"}], "credits": [{"lang": "en", "value": "Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2017-06-26T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:59:32.495787Z", "id": "CVE-2017-20227", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:59:49.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-20227", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-01T13:59:32.495787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:59:43.830Z"}}], "cna": {"title": "JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Varaneckas", "product": "JAD Java Decompiler", "versions": [{"status": "affected", "version": "1.5.8e"}]}], "datePublic": "2017-06-26T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/42255", "name": "ExploitDB-42255", "tags": ["exploit"]}, {"url": "http://www.varaneckas.com/jad/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow", "name": "VulnCheck Advisory: JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:11.134Z"}}}, "cveMetadata": {"cveId": "CVE-2017-20227", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:59:49.724Z", "dateReserved": "2026-03-28T11:44:17.954Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:11.134Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:varaneckas:jad_java_decompiler:1.5.8e-1kali1:*:*:*:*:*:*:*", "matchCriteriaId": "2E369DAD-6CD8-49AE-83F2-0CED1FEE51E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell."}, {"lang": "es", "value": "JAD Java Decompiler 1.5.8e-1kali1 y versiones anteriores contiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila que permite a los atacantes ejecutar c\u00f3digo arbitrario al proporcionar una entrada excesivamente larga que excede los l\u00edmites del b\u00fafer. Los atacantes pueden crear una entrada maliciosa pasada al comando jad para desbordar la pila y ejecutar una cadena de programaci\u00f3n orientada a retorno que genera un shell."}], "id": "CVE-2017-20227", "lastModified": "2026-04-08T19:37:26.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:01.993", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.varaneckas.com/jad/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42255"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5.8e"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "JAD Java Decompiler", "source": "cna", "vendor": "Varaneckas"}, "product": "jad_java_decompiler", "vendor": "varaneckas"}], "analysis": {"en": {"generated_at": "2026-04-08T20:28:14.691867+00:00", "value": {"mitigation_remediation": ["Install an up\u2011to\u2011date, non\u2011vulnerable decompiler or uninstall JAD if it is not required.", "If the decompiler must remain, run it under the least\u2011privileged account and, if possible, in a sandboxed environment.", "Enable operating\u2011system defenses such as stack protection, Data Execution Prevention, and Address Space Layout Randomization.", "Monitor logs for unexpected shell invocations or unfamiliar processes that may indicate exploitation."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Varaneckas\u2019 JAD Java Decompiler, versions 1.5.8e\u20111kali1 and all prior versions are vulnerable. The product is used for reverse engineering Java bytecode, and the flaw is located in the command\u2011line parsing logic. Any environment that uses these releases for decompilation tasks is at risk if the software is run by attackers or by compromised processes.", "description_and_impact": "The vulnerability is a stack\u2010based buffer overflow in JAD Java Decompiler 1.5.8e\u20111kali1 and earlier releases. Malicious input that exceeds the defined buffer size triggers the overflow, allowing direct overwrite of the return address. An attacker can exploit this through the command\u2011line interface, inject arbitrary code, and spawn a shell, resulting in complete compromise of the host on which JAD is executed. This weakness falls under CWE\u2011787 and carries critical severity.", "risk_and_exploitability": "The CVSS base score is 9.3, indicating a high\u2011severity remote code execution flaw. The EPSS score is below 1\u202f%, suggesting that publicly observed exploitation is rare at present, though the risk remains if an attacker can supply crafted input. The vulnerability is not listed in the CISA KEV catalog, but if an attacker can invoke Jad locally or through a compromised build pipeline, they can achieve arbitrary code execution with minimal prerequisites. The attack does not require elevated privileges, but higher privileges will increase damage potential. Organizations should consider the flaw as a critical exposure that warrants immediate mitigation."}}}}, "created": "2026-03-29T20:32:19.883053+00:00", "updated": "2026-04-09T08:29:31.784897+00:00", "vendors": ["varaneckas", "varaneckas$PRODUCT$jad_java_decompiler"]}