Stack Based Overflow Vulnerability in Telegram Mobile and Desktop Applications
CVE-2021-31321

7.1HIGH

Key Information:

Vendor

Telegram

Status
Telegram
Vendor
CVE Published:
18 May 2021

What is CVE-2021-31321?

A stack based overflow vulnerability exists in the gray_split_cubic function of the custom rlottie library used in Telegram applications. This flaw is present in Telegram versions prior to 7.1 for Android, iOS, and macOS. An attacker can exploit this weakness by crafting a malicious animated sticker that, when processed by the application, could overwrite the stack memory of the affected device. This could potentially allow for remote code execution, compromising user data and device security.

References

https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-...
x_refsource_MISC
https://www.shielder.it/advisories/telegram-rlottie-gray_...
x_refsource_MISC

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.