CVE-2017-20227
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
Vexday Risk Score: 48 (Attention)
SSVC decision (CISA): Attend
PoC available → attend closely
CVSS: 9.3 | EPSS: 0.7% | KEV: no | PoC: public | Nuclei: — | Metasploit: — | Patch: —
Lifecycle
28 Mar 2026: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow that allows attackers to execute arbitrary code by supplying input longer than the destination buffer. Crafted input passed to the jad command overflows the stack and allows execution of a return-oriented programming chain that spawns a shell.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Varaneckas · JAD Java Decompiler
Public PoCs found: 1
CVE reference: www.exploit-db.com/exploits/42255 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.