CVE-2021-36769

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.

References

https://mtpsym.github.io

Affected packages

Git / github.com/drklo/telegram

Affected ranges

Type: GIT
Repo: https://github.com/drklo/telegram
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3ac3c37dd24e82779f7e20f31eb3df8f0bf46081

Affected versions

release-5.*

release-5.13.0_1818

release-5.13.0_1819

release-5.13.0_1820

release-5.13.0_1821

release-5.13.0_1823

release-5.13.1_1826

release-5.13.1_1829

release-5.14.0_1846

release-5.14.0_1849

release-5.14.0_1851

release-5.15.0_1864

release-5.15.0_1866

release-5.15.0_1867

release-5.15.0_1868

release-5.15.0_1869

release-6.*

release-6.0.0_1908

release-6.0.1_1910

release-6.0.1_1911

release-6.1.0_1938

release-6.1.0_1940

release-6.1.0_1941

release-6.1.1_1945

release-6.1.1_1946

release-6.2.0_1984

release-6.2.0_1985

release-6.2.0_1986

release-6.2.0_1988

release-6.3.0_2040

release-6.3.0_2042

release-7.*

release-7.0.0_2060

release-7.0.0_2061

release-7.0.0_2064

release-7.0.1_2065

release-7.1.0_2090

release-7.1.0_2092

release-7.1.1_2094

release-7.1.1_2096

release-7.1.2_2098

release-7.1.3_2100

release-7.1.3_2103

release-7.2.0_2128

release-7.2.0_2134

release-7.2.1_2135

release-7.2.1_2136

release-7.2.1_2137

release-7.2.1_2139

release-7.3.0_2195

release-7.3.0_2196

release-7.3.0_2197

release-7.3.0_2206

release-7.4.0_2221

release-7.4.0_2223

release-7.4.1_2225

release-7.4.2_2227

release-7.5.0_2243

release-7.5.0_2244

release-7.5.0_2245

release-7.5.0_2246

release-7.6.0_2264

release-7.6.1_2274

release-7.7.0_2284

release-7.7.1_2291

release-7.7.2_2293

release-7.8.0_2360

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36769.json"

Git / github.com/telegramdesktop/tdesktop

Affected ranges

Type: GIT
Repo: https://github.com/telegramdesktop/tdesktop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b69cac3ed6d224146b60d1586e0e1fa40aafc3cf

Affected versions

v0.*

v0.10.0

v0.10.1

v0.10.10

v0.10.11

v0.10.12

v0.10.13

v0.10.14

v0.10.15

v0.10.16

v0.10.17

v0.10.18

v0.10.19

v0.10.2

v0.10.20

v0.10.21

v0.10.22

v0.10.23

v0.10.24

v0.10.25

v0.10.26

v0.10.27

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.10.9

v0.5.0

v0.5.1

v0.5.10

v0.5.11

v0.5.12

v0.5.13

v0.5.14

v0.5.15

v0.5.16

v0.5.17

v0.5.18

v0.5.19

v0.5.2

v0.5.20

v0.5.21

v0.5.4

v0.5.6

v0.5.7

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.10

v0.6.11

v0.6.12

v0.6.13

v0.6.14

v0.6.15

v0.6.16

v0.6.17

v0.6.18

v0.6.19

v0.6.2

v0.6.20

v0.6.21

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.6.9

v0.7.0

v0.7.1

v0.7.10

v0.7.11

v0.7.12

v0.7.13

v0.7.14

v0.7.15

v0.7.16

v0.7.17

v0.7.18

v0.7.19

v0.7.2

v0.7.20

v0.7.21

v0.7.22

v0.7.23

v0.7.24

v0.7.25

v0.7.26

v0.7.3

v0.7.4

v0.7.5

v0.7.6

v0.7.7

v0.7.8

v0.7.9

v0.8.0

v0.8.1

v0.8.10

v0.8.11

v0.8.12

v0.8.13

v0.8.14

v0.8.15

v0.8.16

v0.8.17

v0.8.18

v0.8.19

v0.8.2

v0.8.20

v0.8.21

v0.8.22

v0.8.23

v0.8.24

v0.8.25

v0.8.26

v0.8.27

v0.8.28

v0.8.29

v0.8.3

v0.8.30

v0.8.31

v0.8.32

v0.8.33

v0.8.34

v0.8.35

v0.8.36

v0.8.37

v0.8.38

v0.8.39

v0.8.4

v0.8.40

v0.8.41

v0.8.42

v0.8.43

v0.8.44

v0.8.45

v0.8.46

v0.8.47

v0.8.48

v0.8.49

v0.8.5

v0.8.50

v0.8.51

v0.8.52

v0.8.53

v0.8.54

v0.8.55

v0.8.56

v0.8.57

v0.8.58

v0.8.59

v0.8.6

v0.8.7

v0.8.8

v0.8.9

v0.9.0

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.13

v0.9.14

v0.9.15

v0.9.16

v0.9.17

v0.9.18

v0.9.19

v0.9.2

v0.9.20

v0.9.21

v0.9.22

v0.9.23

v0.9.24

v0.9.25

v0.9.26

v0.9.27

v0.9.28

v0.9.29

v0.9.3

v0.9.30

v0.9.31

v0.9.32

v0.9.33

v0.9.34

v0.9.35

v0.9.36

v0.9.37

v0.9.38

v0.9.39

v0.9.4

v0.9.40

v0.9.41

v0.9.42

v0.9.43

v0.9.44

v0.9.45

v0.9.46

v0.9.47

v0.9.48

v0.9.49

v0.9.5

v0.9.50

v0.9.51

v0.9.52

v0.9.53

v0.9.54

v0.9.55

v0.9.56

v0.9.57

v0.9.58

v0.9.59

v0.9.6

v0.9.60

v0.9.7

v0.9.8

v0.9.9

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.2

v1.0.20

v1.0.21

v1.0.22

v1.0.23

v1.0.24

v1.0.25

v1.0.26

v1.0.27

v1.0.28

v1.0.29

v1.0.3

v1.0.30

v1.0.31

v1.0.32

v1.0.33

v1.0.34

v1.0.35

v1.0.36

v1.0.37

v1.0.38

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.20

v1.1.21

v1.1.22

v1.1.23

v1.1.24

v1.1.25

v1.1.26

v1.1.27

v1.1.28

v1.1.29

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.10

v1.2.11

v1.2.12

v1.2.13

v1.2.14

v1.2.15

v1.2.16

v1.2.17

v1.2.18

v1.2.19

v1.2.2

v1.2.20

v1.2.21

v1.2.22

v1.2.23

v1.2.24

v1.2.25

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.11

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.5.0

v1.5.1

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.15

v1.5.16

v1.5.17

v1.5.18

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.7.0

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.14

v1.7.15

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.10

v1.8.11

v1.8.12

v1.8.13

v1.8.14

v1.8.15

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.7

v1.8.8

v1.8.9

v1.9.0

v1.9.1

v1.9.10

v1.9.11

v1.9.12

v1.9.13

v1.9.14

v1.9.15

v1.9.16

v1.9.17

v1.9.18

v1.9.19

v1.9.2

v1.9.20

v1.9.21

v1.9.22

v1.9.3

v1.9.4

v1.9.5

v1.9.6

v1.9.7

v1.9.8

v1.9.9

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.1.10

v2.1.11

v2.1.12

v2.1.13

v2.1.14

v2.1.15

v2.1.16

v2.1.17

v2.1.18

v2.1.19

v2.1.2

v2.1.20

v2.1.21

v2.1.22

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.12

v2.4.13

v2.4.14

v2.4.15

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.7.0

v2.7.1

v2.7.10

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "319953548780886678756405202304630774357",
                "228928258810351972415558832941811870001",
                "323424186652986449396460401475159329246",
                "54301167607437185411921430364950200715",
                "105752962412594996104515651931465131240",
                "271159647414825322078303120261358533440"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2021-36769-9b48a2e3",
        "signature_version": "v1",
        "target": {
            "file": "Telegram/SourceFiles/core/version.h"
        },
        "source": "https://github.com/telegramdesktop/tdesktop/commit/b69cac3ed6d224146b60d1586e0e1fa40aafc3cf",
        "deprecated": false,
        "signature_type": "Line"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36769.json"