UNKNOWN CVE-2017-20227

JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow

Platform

java

Component

jad-java-decompiler

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.

How to fix

Update to a patched version or consider alternative Java decompilers. No patched version is available, so using a different decompiler is recommended.
