CVE-2017-20227

Severity: Critical · Public PoC available

Published: 28 March 2026
Modified: 08 April 2026
KEV Added: not listed
Patch: none referenced
CVSS v4.0 score: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0067 (47.1st percentile)
Risk priority: 70 (floored blend, peak EPSS)

Summary

CVE-2017-20227 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Varaneckas Jad Java Decompiler. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 47.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2017-20227 is a stack-based buffer overflow vulnerability (CWE-787) affecting JAD Java Decompiler versions 1.5.8e-1kali1 and prior. The jad command copies overly long input beyond the bounds of a stack buffer, corrupting the stack.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Attackers can craft malicious input for the jad command to trigger the overflow, execute a return-oriented programming chain, and spawn a shell, resulting in arbitrary code execution on the target system.

Advisories and related resources include the official JAD website at http://www.varaneckas.com/jad/, a public exploit at https://www.exploit-db.com/exploits/42255, and a VulnCheck advisory detailing the stack-based buffer overflow at https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow. No patches or specific mitigations are described in the provided information.

A proof-of-concept exploit is publicly available, highlighting active interest in this vulnerability despite its publication date of 2026-03-28.

Vulnerability details

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

CWE(s)

CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The stack-based buffer overflow enables unauthenticated remote code execution via crafted input to the jad CLI, which maps directly to exploitation of an exposed application (T1190) and subsequent Unix shell access (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2016-20049: same product (Varaneckas Jad Java Decompiler)
CVE-2017-20229: shared CWE-787
CVE-2025-27807: shared CWE-787
CVE-2024-48856: shared CWE-787
CVE-2025-14234: shared CWE-787
CVE-2018-25223: shared CWE-787
CVE-2018-25154: shared CWE-787
CVE-2024-57704: shared CWE-787
CVE-2025-29384: shared CWE-787
CVE-2024-12648: shared CWE-787

Affected Assets

Vendor: varaneckas
Product: jad java decompiler
Version: 1.5.8e-1kali1

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent: SI-10 (Information Input Validation). Directly validates the length and structure of inputs to the jad command, preventing stack buffer overflows from overly long malicious input.

Prevent: SI-16 (Memory Protection). Implements memory safeguards such as non-executable stacks and address space layout randomization to block arbitrary code execution via return-oriented programming in stack overflows.

Prevent: Requires remediation of the identified buffer overflow flaw in JAD by patching, updating, or removing the vulnerable software.
