DEBIAN-CVE-2021-36769

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-36769

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-36769.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-36769

Upstream

CVE-2021-36769

Published

2021-07-17T00:15:07.847Z

Modified

2025-12-13T23:15:47.996336Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.

References

https://security-tracker.debian.org/tracker/CVE-2021-36769

Affected packages

Debian:11 / telegram-desktop

Package

Name: telegram-desktop
Purl: pkg:deb/debian/telegram-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2+ds-1

Affected versions

2.*

2.6.1+ds-1

2.6.1+ds-1+deb11u1

2.9.0+ds-1

2.9.0+ds1-2

2.9.2+ds-1~bpo10+1

2.9.2+ds-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-36769.json"

Debian:12 / telegram-desktop

Package

Name: telegram-desktop
Purl: pkg:deb/debian/telegram-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-36769.json"

Debian:14 / telegram-desktop

Package

Name: telegram-desktop
Purl: pkg:deb/debian/telegram-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.2+ds-1

Affected versions

1.*

1.0.14-1

1.0.29-1

1.1.0-1

1.1.10-1

1.1.18-1

1.1.19-1

1.1.19-2

1.1.23-1~bpo9+1

1.1.23-1

1.1.23-2

1.1.23-3

1.2.1-1

1.2.1-2

1.2.6-1

1.2.6-2

1.2.15-1

1.2.17-1

1.3.7-1

1.3.10-1

1.3.10-2

1.3.14-1

1.4.0-1

1.5.2-1

1.5.4-1

1.5.8-1

1.5.11-1

1.7.0-1

1.7.14-1

1.8.2-1

1.8.2-2

1.8.4-1

1.8.8-1

1.8.15-1

1.8.15-2~bpo10+1

1.8.15-2

1.9.8~slim-1

1.9.14+ds-1

1.9.14+ds-2

1.9.21+ds-1

2.*

2.0.1+ds-1

2.1.0+ds-1

2.1.4+ds-1

2.1.5+ds-1

2.1.7+ds-1

2.1.7+ds-2

2.2.0+ds-1

2.2.0+ds-2~bpo10+1

2.2.0+ds-2

2.2.0+ds-3

2.2.0+ds-4

2.2.0+ds-5

2.5.8+ds-1

2.5.8+ds-2

2.6.1+ds-1~bpo10+1

2.6.1+ds-1

2.9.0+ds-1

2.9.0+ds1-2

2.9.2+ds-1~bpo10+1

2.9.2+ds-1~bpo11+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-36769.json"