Stack-Based Overflow Vulnerability in Telegram Mobile and Desktop Applications
CVE-2021-31321
7.1 HIGH
What is CVE-2021-31321?
A stack-based overflow vulnerability exists in the gray_split_cubic function of the custom rlottie library used in Telegram applications. The flaw is present in Telegram versions prior to 7.1 for Android, iOS, and macOS. An attacker can exploit it by crafting a malicious animated sticker that, when processed by the application, could overwrite stack memory on the affected device. This could potentially allow remote code execution, compromising user data and device security.