CVE-2019-10044
CVE-2019-10044 is a vulnerability of currently unknown severity. Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. EPSS estimates a 3.28% chance of exploitation in the next 30 days.
Description
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Telegram | Telegram | All versions |
| Telegram | Telegram Desktop | < 1.5.12 |
References
- http://www.securityfocus.com/bid/107610 (Third Party Advisory, VDB Entry)
- https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
