Denial of Service Vulnerability in Telegram for iOS by Telegram
CVE-2021-30496

5.7MEDIUM

Key Information:

Vendor: Telegram
Status: Telegram
Vendor: CVE Published:; 20 April 2021

What is CVE-2021-30496?

The Telegram app version 7.6.2 for iOS contains a vulnerability that allows remote authenticated users to trigger a denial of service condition. This can occur when an attacker sends a specifically crafted message, potentially in languages like Persian, which when pasted into a channel or group by the victim, results in a crash of the application. The issue originates from the MtProtoKitFramework, although the vendor asserts that this behavior does not constitute a vulnerability.

References

https://gist.github.com/raminfp/bf64c2974ee69497873297491...

https://t.me/joinchat/bJ9cnUosVh03ZTI0

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 20, 2021
Vulnerability Reserved
Apr 11, 2021

JSON