JAD Java Decompiler Stack-Based Buffer Overflow Vulnerability Allowing Remote Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in JAD Java Decompiler versions through 1.5.8e-1kali1. This vulnerability allows attackers to execute arbitrary code by sending oversized input that exceeds the buffer's capacity. Malicious input strings longer than 8150 bytes can be crafted to overflow the stack, overwrite return addresses, and execute shellcode within the application's context.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution in the application's context. However, failed exploit attempts result in a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by using JAD Java Decompiler version 1.5.8e-1kali1. An input string longer than 8150 bytes can be crafted to overflow the buffer. This oversized input can be supplied to the application, causing the buffer overflow by overwriting the return address on the stack. Once the return address is overwritten, the application can be manipulated to execute the injected shellcode.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.