CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-17780

Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.securityfocus.com/bid/105521
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
http://www.securityfocus.com/bid/105521
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html

Products affected by CVE-2018-17780

Telegram » Telegram Desktop » Version: 1.3.14

cpe:2.3:a:telegram:telegram_desktop:1.3.14
Telegram » Telegram Messenger » Version: 3.3.0.0

cpe:2.3:a:telegram:telegram_messenger:3.3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-17780

Products

Pricing

Contact Us