Platform
java
Component
jad-java-decompiler
Fixed in
1.5.9
CVE-2016-20049 identifies a critical Remote Code Execution (RCE) vulnerability in JAD, a Java decompiler. This flaw allows attackers to execute arbitrary code by providing oversized input strings exceeding buffer boundaries. The vulnerability affects versions 1.5.8e-1kali1 and earlier. Immediate patching is crucial to prevent exploitation.
CVE-2016-20049 presents a severe risk due to its RCE nature. An attacker can exploit this vulnerability to execute arbitrary code on a vulnerable system, potentially gaining complete control. The attack involves crafting malicious input strings exceeding 8150 bytes, overflowing the stack, overwriting return addresses, and executing shellcode within the application's context. This could lead to data breaches, system compromise, and widespread disruption. The blast radius extends to any system running a vulnerable version of JAD, making it a high-priority concern.
CVE-2016-20049 is not currently listed on KEV or EPSS. Public proof-of-concept exploits are available, increasing the risk of exploitation. Given the vulnerability's severity and the availability of exploits, it is considered a high-probability target. Published on 2026-03-28.
Organizations and individuals using JAD Java Decompiler, particularly those relying on older, unpatched versions (1.5.8e-1kali1 and prior), are at significant risk. Systems where JAD is used to analyze potentially untrusted Java code are especially vulnerable, as attackers could craft malicious input to exploit the vulnerability.
• java: Monitor JRE logs for stack overflow errors or unusual process creation related to JAD.
journalctl -u java -g "stack overflow"
• generic web: Monitor access logs for unusually large requests directed at JAD (the original grep pattern '8000+' matched a literal string; this prints log lines longer than 8000 bytes).
awk 'length($0) > 8000' /var/log/apache2/access.log
• generic web: Check response headers for unexpected content or error codes following JAD processing.
curl -I http://your-jad-server/decompile?file=malicious.jar | grep -i 'error'
Disclosure
Exploit status
EPSS
0.09% (25th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2016-20049 is to immediately upgrade to a patched version of JAD. If upgrading is not possible, implement strict input validation so that oversized input strings are rejected before JAD processes them. Consider using a Web Application Firewall (WAF) to filter potentially malicious input, although its effectiveness may be limited. Roll back to a previous, known-good version of JAD if an upgrade causes instability. After the upgrade, confirm the vulnerability is resolved by attempting to decompile a large file and verifying that the program does not crash or exhibit unexpected behavior.
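The following is an added example of the "strict input validation" interim mitigation and of the "unusually large request" log check described in the detection section; it is not JAD's own code and not part of the advisory. It assumes that the overlong string reaches JAD either as a path argument or as a CONSTANT_Utf8 entry in the class file's constant pool (the advisory does not say which, so both are checked), uses the 8150-byte threshold stated in the advisory, and builds its own constructed class-file and log-line inputs.

```python
"""Pre-check inputs before handing them to the JAD decompiler (added example).

The advisory states that input strings longer than 8150 bytes overflow a stack
buffer in JAD. This wrapper refuses such inputs up front and flags access-log
lines carrying an oversized request. Where the string reaches JAD (path
argument vs. constant-pool entry) is an assumption, so both are checked.
"""
import struct
from typing import Iterable, List

MAX_STRING_BYTES = 8150  # threshold quoted in the advisory

TAG_UTF8 = 1
# Constant-pool tag -> fixed payload size after the tag (JVM spec, section 4.4).
_FIXED_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def utf8_entry_lengths(class_bytes: bytes) -> List[int]:
    """Return the byte lengths of every CONSTANT_Utf8 entry in a class file."""
    if class_bytes[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file (bad magic)")
    count = struct.unpack_from(">H", class_bytes, 8)[0]
    pos, idx, lengths = 10, 1, []
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == TAG_UTF8:
            n = struct.unpack_from(">H", class_bytes, pos)[0]
            lengths.append(n)
            pos += 2 + n
        elif tag in _FIXED_SIZE:
            pos += _FIXED_SIZE[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag}")
        idx += 2 if tag in (5, 6) else 1  # long/double take two slots
    return lengths


def find_oversized(class_bytes: bytes, limit: int = MAX_STRING_BYTES) -> List[int]:
    """Lengths of constant-pool strings that exceed the limit."""
    return [n for n in utf8_entry_lengths(class_bytes) if n > limit]


def safe_to_decompile(path: str, class_bytes: bytes,
                      limit: int = MAX_STRING_BYTES) -> bool:
    """True only if neither the path nor any pool string exceeds the limit."""
    if len(path.encode()) > limit:
        return False
    return not find_oversized(class_bytes, limit)


def long_request_lines(log_lines: Iterable[str],
                       limit: int = MAX_STRING_BYTES) -> List[str]:
    """Flag combined-format access-log lines whose quoted request line
    (first double-quoted field) is longer than the limit."""
    hits = []
    for line in log_lines:
        start = line.find('"')
        end = line.find('"', start + 1)
        if start != -1 and end != -1 and end - start - 1 > limit:
            hits.append(line)
    return hits


def build_class_with_utf8(s: bytes) -> bytes:
    """Constructed test input: a class-file header plus a constant pool holding
    one CONSTANT_Utf8 entry. Only the parts the checker reads are present."""
    cp = bytes([TAG_UTF8]) + struct.pack(">H", len(s)) + s
    # magic, minor_version, major_version, constant_pool_count (entries + 1)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 52, 2) + cp


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    if not safe_to_decompile(sys.argv[1], data):
        print("refusing: input contains a string over", MAX_STRING_BYTES, "bytes")
        sys.exit(1)
    print("ok: safe to pass to jad")
```

The wrapper is meant to sit in front of `jad` in any automated pipeline that decompiles untrusted class files; a rejected file is never passed to the decompiler, and the parser deliberately stops after the constant pool because that is the only part of the class file it needs. The log check reads the combined log format, where the request line is the first quoted field.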
Upgrade to a patched version of JAD Java Decompiler that fixes the buffer overflow vulnerability. If no patched version is available, consider using an alternative Java decompiler.
CVE-2016-20049 is a critical Remote Code Execution vulnerability in JAD Java Decompiler versions 1.5.8e-1kali1 and earlier, allowing attackers to execute arbitrary code through a stack buffer overflow.
You are affected if you are using JAD Java Decompiler version 1.5.8e-1kali1 or earlier. Upgrade is the recommended solution, though mitigation steps can be taken in the interim.
A specific patched version is not currently available. Mitigation involves input validation, WAF/proxy rules, and monitoring for suspicious activity.
While active exploitation is not confirmed, the vulnerability's criticality and the ease of exploitation suggest a high probability of exploitation.
Official advisories may be limited. Search for relevant discussions on security mailing lists and vulnerability databases like NVD.