CVE-2020-17448
First published: Tue Aug 11 2020(Updated: )
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Telegram Telegram Desktop | <=2.1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Telegram Desktop vulnerability?
The vulnerability ID for this Telegram Desktop vulnerability is CVE-2020-17448.
What is the severity of CVE-2020-17448?
The severity of CVE-2020-17448 is high (7.8).
What is the affected software for CVE-2020-17448?
The affected software for CVE-2020-17448 is Telegram Desktop through version 2.1.13.
How does the vulnerability in Telegram Desktop work?
The vulnerability in Telegram Desktop allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism by using a chat window with a filename that lacks an extension.
How can I fix the CVE-2020-17448 vulnerability?
To fix the CVE-2020-17448 vulnerability, update Telegram Desktop to version 2.2.0 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/telegram
- canonical/telegram telegram desktop
- version/telegram telegram desktop/2.1.13