UBUNTU-CVE-2019-10044

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-10044

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-10044.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-10044

Upstream

CVE-2019-10044

Published

2019-03-25T20:29:00Z

Modified

2025-07-18T16:45:05Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.

References

Affected packages

Ubuntu:Pro:18.04:LTS / telegram-desktop

Package

Name: telegram-desktop
Purl: pkg:deb/ubuntu/telegram-desktop@1.2.17-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.23-1

1.1.23-1build1

1.1.23-2

1.1.23-3

1.2.6-1

1.2.6-2

1.2.6-2build1

1.2.6-2build2

1.2.6-2build3

1.2.15-1

1.2.15-1build1

1.2.17-1