Platform: java
Component: jad-java-decompiler
Fixed in: 1.5.9
CVE-2017-20227 describes a stack-based buffer overflow vulnerability found in JAD Java Decompiler versions 1.5.8e through 1.5.8e-1kali1. This flaw allows attackers to execute arbitrary code by crafting malicious input that exceeds buffer boundaries. Successful exploitation could lead to complete system compromise. A fix is available, and users are strongly advised to upgrade.
The vulnerability lies in how JAD Java Decompiler handles overly long input during decompilation. A specially crafted input file can trigger a buffer overflow on the stack, overwriting critical data such as the saved return address and letting the attacker hijack program execution. From there the attacker can run arbitrary code, potentially gaining full control of the system running the decompiler. This is similar to other stack-based buffer overflow exploits in which attackers leverage return-oriented programming (ROP) chains to achieve code execution. The blast radius extends to any system where JAD Java Decompiler is used, particularly environments where decompiled code is analyzed or integrated into other projects.
This CVE was published on 2026-03-28. There is no indication of this vulnerability being actively exploited in the wild or listed on KEV. The EPSS score is likely low due to the limited use of JAD Java Decompiler and the lack of publicly available exploits. No public proof-of-concept (POC) code has been identified.
Exploit Status
EPSS: 0.09% (25th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade to a patched version of JAD Java Decompiler. Unfortunately, a specific patched version is not provided in the CVE data. Until a patched version is released, consider limiting the use of JAD Java Decompiler to trusted input sources only. Implement input validation to restrict the size of files processed by the decompiler. While a WAF or proxy cannot directly mitigate this vulnerability, they can be configured to monitor for suspicious network traffic patterns associated with decompilation attempts. Monitor system logs for unusual process activity or memory access patterns that might indicate exploitation.
Update to a patched version of the Java Decompiler JAD. If a patched version is not available, consider using an alternative Java decompiler to avoid the stack-based buffer overflow vulnerability.
CVE-2017-20227 is a critical buffer overflow vulnerability in JAD Java Decompiler versions 1.5.8e through 1.5.8e-1kali1, allowing attackers to execute arbitrary code through crafted input.
You are affected if you are using JAD Java Decompiler versions 1.5.8e through 1.5.8e-1kali1 and have not upgraded to a patched version (unavailable as of this writing).
Upgrade to a patched version of JAD Java Decompiler. As no patched version is currently available, limit usage to trusted sources and implement input validation.
There is currently no evidence of CVE-2017-20227 being actively exploited in the wild.
Official advisories are not readily available. Consult security mailing lists and vulnerability databases for updates.