CVE-2020-17448
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/08/2020
Last modified:
17/06/2026
Description
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:telegram:telegram_desktop:*:*:*:*:*:*:*:* | 2.1.13 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://security.gentoo.org/glsa/202101-34
- https://telegram.org
- https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448
- https://github.com/telegramdesktop/tdesktop/releases/tag/v2.2.0
- https://security.gentoo.org/glsa/202101-34
- https://telegram.org



