CVE-2017-20227
Published: 28 March 2026
Summary
CVE-2017-20227 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Varaneckas Jad Java Decompiler. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 47.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2017-20227 is a stack-based buffer overflow vulnerability (CWE-787) affecting JAD Java Decompiler versions 1.5.8e-1kali1 and prior. The issue arises in the jad command when processing overly long input that exceeds buffer boundaries, enabling potential stack corruption.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity, no privileges, and no user interaction required. Attackers can craft malicious input for the jad command to trigger the overflow, execute a return-oriented programming chain, and spawn a shell, resulting in arbitrary code execution on the target system.
Advisories and related resources include the official JAD website at http://www.varaneckas.com/jad/, a public exploit at https://www.exploit-db.com/exploits/42255, and a VulnCheck advisory detailing the stack-based buffer overflow at https://www.vulncheck.com/advisories/jad-8e-1kali1-stack-based-buffer-overflow. No patches or specific mitigations are described in the provided information.
A proof-of-concept exploit is publicly available, highlighting active interest in this vulnerability despite its publication date of 2026-03-28.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-18947
Vulnerability details
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow enables unauthenticated remote code execution via crafted input to the jad CLI, directly mapping to exploitation of exposed applications and Unix shell access.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly validates the length and structure of inputs to the jad command, preventing stack buffer overflows from overly long malicious input.
- SI-16 (Memory Protection): implements memory safeguards such as non-executable stacks and address space layout randomization to block arbitrary code execution via return-oriented programming in stack overflows.
- Requires remediation of the identified buffer overflow flaw in JAD by patching, updating, or removing the vulnerable software.