Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10044

Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.

Published

2019-03-25T20:29:00.863

Last Modified

2024-11-21T04:18:16.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	telegram	telegram	*	Yes
Application	telegram	telegram_desktop	< 1.5.12	Yes
Operating System	microsoft	windows	-	No

References

http://www.securityfocus.com/bid/107610 Third Party Advisory, VDB Entry ([email protected])
https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt Exploit, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/107610 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)