Telegram Desktop Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Telegram Desktop version 2.9.2. This issue allows attackers to crash the application by sending an oversized message payload. Generating a buffer of 9 million bytes and pasting it into the messaging interface forces the application to crash.

Impact

Exploiting this vulnerability leads to a crash of the Telegram Desktop application, causing a denial-of-service condition where the application becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, create a text file containing 9 million bytes of data. This can be done using a simple script that generates a buffer of the desired size. Once the file is created, open Telegram Desktop and navigate to 'Saved Messages'. Copy the contents of the file and paste them into the message input area. The application will crash shortly after.

Added: Jan 16, 2026, 12:44 AM
Updated: Jan 16, 2026, 12:44 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 2.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.