PT-2018-14191 · Telegram+1 · Telegram Desktop+2

Dhiraj · Published 2018-09-29 · Updated 2023-08-08 · CVE-2018-17780

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Telegram Desktop (aka tdesktop) version 1.3.14
Telegram version 3.3.0.0 WP8.1 on Windows

Description

The issue allows the leakage of end-user public and private IP addresses during a call due to an unsafe default behavior. This behavior involves accepting P2P connections from clients outside of the My Contacts list. The leakage occurs when a Telegram call is made and both parties use the peer-to-peer option.

Recommendations

For Telegram Desktop version 1.3.14, consider disabling the peer-to-peer call feature until a patch is available. For Telegram version 3.3.0.0 WP8.1 on Windows, restrict the acceptance of P2P connections to only trusted contacts to minimize the risk of IP address leakage.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2831
CVE-2018-17780

Affected Products

Alt Linux
Telegram
Telegram Desktop