CVE-2017-17715 in Telegram Messengerinfo

Summary

The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

12/16/2017

Disclosure

12/16/2017

Moderation

VulDB entry created

Entries

1: VDB-110747

CPE

ready

CWE

CWE-22 (Confirmed)

CVSS

7.6

EPSS

0.00527

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-17715
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-17715
CVE Details	https://www.cvedetails.com/cve/CVE-2017-17715/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!