Image Self-Destruction Flaw in Telegram for Android
CVE-2021-41861

3.3LOW

Key Information:

Vendor

Telegram

Status
Telegram
Vendor
CVE Published:
4 October 2021

What is CVE-2021-41861?

The Telegram application for Android, versions 7.5.0 to 7.8.0, is susceptible to a vulnerability where the self-destruction feature for images does not function as intended. Users may believe that their images have been deleted after using the feature two to four times, as indicated by a misleading user interface on both sender and recipient sides. However, the images remain stored in the device's directory, posing a risk to user privacy and data security.

References

https://habr.com/ru/post/580582/
x_refsource_MISC
https://telegram.org/blog/autodelete-inv2/ru#avtomatiches...
x_refsource_MISC
https://desktop.telegram.org/changelog#v-2-6-23-02-21
x_refsource_MISC

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.