{"id":"UBUNTU-CVE-2021-36769","details":"A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.","modified":"2025-10-24T04:50:26Z","published":"2021-07-17T00:15:00Z","upstream":["CVE-2021-36769"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-36769"},{"type":"REPORT","url":"https://mtpsym.github.io/"},{"type":"REPORT","url":"https://mtpsym.github.io"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2021-36769"}],"affected":[{"package":{"name":"telegram-desktop","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/telegram-desktop@1.2.17-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.23-1","1.1.23-1build1","1.1.23-2","1.1.23-3","1.2.6-1","1.2.6-2","1.2.6-2build1","1.2.6-2build2","1.2.6-2build3","1.2.15-1","1.2.15-1build1","1.2.17-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.17-1","binary_name":"telegram-desktop"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-36769.json"}},{"package":{"name":"telegram-desktop","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/telegram-desktop@3.1.1+ds-1~ubuntu20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.8-1","1.8.15-2","1.9.8~slim-1","1.9.14+ds-1","1.9.14+ds-2","1.9.21+ds-1","2.0.1+ds-1","2.0.1+ds-1build1","2.1.7+ds-2~ubuntu20.04.1","3.1.1+ds-1~ubuntu20.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.1.1+ds-1~ubuntu20.04.1","binary_name":"telegram-desktop"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-36769.json"}},{"package":{"name":"telegram-desktop","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/telegram-desktop@3.6.1+ds-2build1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.1.1+ds-1","3.5.2+ds-1","3.6.1+ds-2build1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.1+ds-2build1","binary_name":"telegram-desktop"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-36769.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}