{"id":"DEBIAN-CVE-2018-17780","details":"Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.","modified":"2026-04-28T20:18:57.174672Z","published":"2018-09-29T19:29:00.237Z","upstream":["CVE-2018-17780"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2018-17780"}],"affected":[{"package":{"name":"telegram-desktop","ecosystem":"Debian:11","purl":"pkg:deb/debian/telegram-desktop?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-17780.json"}},{"package":{"name":"telegram-desktop","ecosystem":"Debian:12","purl":"pkg:deb/debian/telegram-desktop?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-17780.json"}},{"package":{"name":"telegram-desktop","ecosystem":"Debian:14","purl":"pkg:deb/debian/telegram-desktop?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0-1"}]}],"versions":["1.0.14-1","1.0.29-1","1.1.0-1","1.1.10-1","1.1.18-1","1.1.19-1","1.1.19-2","1.1.23-1","1.1.23-1~bpo9+1","1.1.23-2","1.1.23-3","1.2.1-1","1.2.1-2","1.2.15-1","1.2.17-1","1.2.6-1","1.2.6-2","1.3.10-1","1.3.10-2","1.3.14-1","1.3.7-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-17780.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}