CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-17715

The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://bugs.chromium.org/p/project-zero/issues/detail?id=1470
https://bugs.chromium.org/p/project-zero/issues/detail?id=1470

Products affected by CVE-2017-17715

Telegram » Telegram Messenger » Version: Any

cpe:2.3:a:telegram:telegram_messenger:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-17715

Products

Pricing

Contact Us