CVE-2017-20227

Exploit

EPSS 0.67%
Veröffentlicht 28.03.2026 11:58:11
Zuletzt bearbeitet 08.04.2026 19:37:26
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Varaneckas ≫ Jad Java Decompiler Version1.5.8e-1kali1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.67%	0.47

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.varaneckas.com/jad/

Product

https://www.exploit-db.com/exploits/42255

Exploit

VDB Entry

https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-20227

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-20227

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-20227

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-20227