Directory Traversal Vulnerability in Telegram Messenger for Android
CVE-2017-17715

8.8HIGH

Key Information:

Vendor: Telegram
Status: Telegram Messenger
Vendor: CVE Published:; 16 December 2017

What is CVE-2017-17715?

The Telegram Messenger application for Android prior to December 8, 2017, contains a directory traversal vulnerability within the saveFile method of MediaController.java. This vulnerability enables an attacker to exploit a specially crafted pathname obtained during file transfers from remote peers, potentially allowing unauthorized access to sensitive files such as tgnet.dat or tgnet.dat.bak. The exploitation of this vulnerability raises significant security concerns for user data integrity and confidentiality.

References

https://bugs.chromium.org/p/project-zero/issues/detail?id...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2017
Vulnerability Reserved
Dec 16, 2017