CVE-2014-8688

Name of the Vulnerable Software and Affected Versions Telegram Messenger versions 1.8.2 through 2.6

Description The issue is related to the cleartext component of the Telegram Messenger instant messaging program, which lacks protection for service data. Exploitation of this issue may allow a remote attacker to access secret chat messages by reading the contents of memory segments used by the application. Secret chat messages are available in cleartext in process memory and a .db file.

Recommendations For versions 1.8.2 through 2.6, as a temporary workaround, consider restricting access to the memory segments used by the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.