| शीर्षक | Telegram Telegram Desktop <= 6.7.5 NULL Pointer Dereference |
|---|
| विवरण | A NULL pointer dereference vulnerability exists in Telegram Desktop versions up to 6.7.5. The vulnerability is located in the RequestButton() function in Telegram/SourceFiles/boxes/url_auth_box.cpp. When processing a login_url inline keyboard button, the function conditionally assigns the bot pointer to nullptr if the server response does not include a write access request. The bot pointer is subsequently dereferenced to access the firstName member (at offset 0x188 in UserData) without a prior null check, resulting in an access violation and immediate client crash. The vulnerability is remotely triggerable by any bot operator via the Telegram Bot API and requires only a single click from the victim. The issue was reported to the vendor on 2026-04-10. |
|---|
| स्रोत | ⚠️ https://www.youtube.com/watch?v=xo9Bplsy1K8 |
|---|
| उपयोगकर्ता | oblivionsage (UID 97354) |
|---|
| सबमिशन | 14/04/2026 11:50 AM (2 महीनों पहले) |
|---|
| संयम | 02/05/2026 10:31 PM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360870 [Telegram Desktop तक 6.7.5 Bot API url_auth_box.cpp RequestButton login_url सेवा अस्वीकार] |
|---|
| अंक | 17 |
|---|