CVE-2020-12474
First published: Fri May 01 2020(Updated: )
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Telegram Telegram | <=6.0.1 | |
| Telegram Telegram | <=6.0.1 | |
| Telegram Telegram Desktop | <=2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Telegram vulnerability?
The vulnerability ID for this Telegram vulnerability is CVE-2020-12474.
Which software versions are affected by CVE-2020-12474?
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS are affected by CVE-2020-12474.
What is the severity level of CVE-2020-12474?
The severity level of CVE-2020-12474 is medium.
How can an IDN Homograph attack be carried out in Telegram?
An IDN Homograph attack can be carried out in Telegram by using Punycode in a public URL or a group chat invitation URL.
Is there a fix available for CVE-2020-12474?
It is recommended to update Telegram Desktop to version 2.0.2 or newer, Telegram for Android to version 6.0.2 or newer, and Telegram for iOS to version 6.0.2 or newer to fix CVE-2020-12474.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/telegram
- canonical/telegram telegram
- version/telegram telegram/6.0.1
- canonical/telegram telegram desktop
- version/telegram telegram desktop/2.0.1