Vulnerability CVE-2021-31321


Published: 2021-05-18

Description:
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.

Type:

CWE-787

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial
Affected software
Telegram -> Telegram 

 References:
https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/
https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/

Copyright 2024, cxsecurity.com

 

Back to Top