CVE-2021-30496

{"id": "CVE-2021-30496", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2021-04-20T16:15:10.590", "references": [{"url": "https://gist.github.com/raminfp/bf64c2974ee6949787329749148a4b31", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://t.me/joinchat/bJ9cnUosVh03ZTI0", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/raminfp/bf64c2974ee6949787329749148a4b31", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://t.me/joinchat/bJ9cnUosVh03ZTI0", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that \"this behavior can't be considered a vulnerability.\""}, {"lang": "es", "value": "** EN DISPUTA ** La aplicaci\u00f3n Telegram versi\u00f3n 7.6.2 para iOS, permite a usuarios autenticados remoto causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) si la v\u00edctima pega un mensaje proporcionado por el atacante (por ejemplo, en el idioma Persian) en un canal o grupo. El bloqueo ocurre en la funci\u00f3n MtProtoKitFramework. NOTA: la perspectiva del proveedor es que \"este comportamiento no puede considerarse una vulnerabilidad\""}], "lastModified": "2024-11-21T06:04:02.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telegram:telegram:7.6.2:*:*:*:*:iphone_os:*:*", "vulnerable": true, "matchCriteriaId": "69719CA8-ED11-463E-A7A8-68FA44F859ED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}