Vulnerability Description
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Telegram | Telegram | < 7.1.0 |
Related Weaknesses (CWE)
References
- https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffeExploitThird Party Advisory
- https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-sticExploitThird Party Advisory
- https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffeExploitThird Party Advisory
- https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-sticExploitThird Party Advisory
FAQ
What is CVE-2021-31321?
CVE-2021-31321 is a vulnerability with a CVSS score of 7.1 (HIGH). Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote...
How severe is CVE-2021-31321?
CVE-2021-31321 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31321?
Check the references section above for vendor advisories and patch information. Affected products include: Telegram Telegram.