CVE-2016-20049
Stack-Based Buffer Overflow in JAD 1.5.8e Enables Code Execution
Publication date: 2026-03-28
Last updated on: 2026-04-22
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| varaneckas | jad_java_decompiler | 1.5.8e-1kali1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2016-20049 is a critical stack-based buffer overflow vulnerability found in JAD Java Decompiler version 1.5.8e-1kali1 and earlier. The vulnerability occurs when the application processes input strings that exceed 8150 bytes, causing the stack buffer to overflow. This overflow allows attackers to overwrite return addresses on the stack and execute arbitrary shellcode within the context of the application.
Attackers can craft malicious input containing a large buffer (e.g., 8150 bytes of junk data), followed by a return-oriented programming (ROP) gadget address, a NOP sled, and shellcode that can spawn a shell or execute other arbitrary commands. This enables remote code execution without requiring privileges or user interaction.
How can this vulnerability impact me?
This vulnerability can have severe impacts including allowing attackers to execute arbitrary code remotely within the application context. This can lead to full system compromise, unauthorized access, data manipulation, or disruption of service.
Failed exploitation attempts may also cause denial-of-service (DoS) conditions by crashing the application.
- Remote code execution without any privileges or user interaction.
- Potential full system compromise through execution of attacker-controlled shellcode.
- Denial-of-service conditions caused by application crashes.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the vulnerable JAD Java Decompiler version 1.5.8e-1kali1 or earlier is present on your system.
Since the exploit involves supplying an input string exceeding 8150 bytes to the jad binary, one way to test for the vulnerability is to run the jad binary with a crafted oversized input and observe if it crashes or behaves unexpectedly.
A sample command to test locally could be:
- `python -c "import subprocess; subprocess.call(['jad', 'A'*8200])"`
If the jad binary crashes or exhibits abnormal behavior, it indicates the presence of the vulnerability.
Additionally, you can check the version of the jad binary installed by running:
- `jad -version`
If the version is 1.5.8e-1kali1 or earlier, the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Remove or disable the vulnerable jad binary (version 1.5.8e-1kali1 or earlier) from your system to prevent exploitation.
- Avoid running the jad binary with untrusted or oversized input strings that exceed 8150 bytes.
- If possible, update to a fixed or newer version of the JAD Java Decompiler that addresses this buffer overflow vulnerability.
- Restrict access to the jad binary to trusted users only, minimizing the risk of local exploitation.
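Where jad cannot be removed yet, the "avoid oversized input" step can be enforced by a wrapper instead of left to operator discipline. The following is an added example, not code from this page or from the JAD project; the names `check_jad_args`, `run_jad` and `RejectedArgument` and the 4096-byte policy limit are assumptions chosen for illustration.

```python
import os
import shutil
import subprocess

PAGE_THRESHOLD = 8150   # byte count this page gives for the overflow
MAX_ARG_BYTES = 4096    # assumed policy limit, well under that threshold


class RejectedArgument(ValueError):
    """Raised when an argument is too long to hand to jad."""


def check_jad_args(args, limit=MAX_ARG_BYTES):
    """Return args as a list if every one is at most `limit` bytes.

    Length is measured on the bytes the OS places in argv, not on
    characters: 3000 two-byte characters are 6000 bytes.
    """
    for i, arg in enumerate(args):
        size = len(os.fsencode(arg))
        if size > limit:
            raise RejectedArgument(
                f"argument {i} is {size} bytes (limit {limit})")
    return list(args)


def run_jad(args, jad="jad", timeout=60):
    """Validate args, run jad, and report whether it died on a signal."""
    safe = check_jad_args(args)          # reject before anything executes
    path = shutil.which(jad)
    if path is None:
        raise FileNotFoundError(f"{jad} not found on PATH")
    proc = subprocess.run([path, *safe], timeout=timeout,
                          capture_output=True)
    # On POSIX a negative return code means the process was killed by a
    # signal (for example -11 for SIGSEGV), which is worth alerting on.
    return {"returncode": proc.returncode,
            "crashed": proc.returncode < 0}
```

A `crashed` result on input that passed the length check is still worth investigating, since the limit only covers the overflow condition described on this page.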
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows remote code execution with high impact on confidentiality, integrity, and availability of the affected system.
Such a critical security flaw could lead to unauthorized access or control over sensitive data, potentially resulting in violations of data protection regulations like GDPR or HIPAA.
Organizations using the affected JAD versions may face compliance risks if this vulnerability is exploited, as it undermines the security controls required to protect personal or sensitive information.