Platform
android
Component
smp-sdk
Fixed in
3.0.9
CVE-2021-25342 describes a Denial of Service (DoS) vulnerability affecting the SMP SDK for Android applications. This vulnerability allows unauthorized actions, including a DoS attack, by exploiting the calling of a non-existent provider. The vulnerability impacts versions of the SMP SDK up to and including 3.0.9, and a patch is available in version 3.0.9.
An attacker can exploit this vulnerability by crafting a malicious request that attempts to call a provider that does not exist within the SMP SDK. This can lead to a denial of service, crashing the application or preventing it from performing its intended functions. The impact can range from temporary service disruption to complete application unavailability, potentially affecting user experience and data access. Successful exploitation requires the attacker to be able to influence the application's request flow, which may be possible through malicious input or compromised components.
This CVE was published on March 4, 2021. There is no indication of active exploitation or of inclusion in the CISA KEV catalog at the time of writing. Public proof-of-concept code is not readily available, suggesting a relatively low probability of immediate widespread exploitation. The vulnerability's impact is primarily on application stability rather than data compromise.
Exploit Status
EPSS
0.05% (17th percentile)
CVSS Vector
The primary mitigation for CVE-2021-25342 is to upgrade the SMP SDK to version 3.0.9 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing input validation to prevent the application from attempting to call non-existent providers. While a direct workaround is difficult, carefully reviewing and sanitizing any user-supplied data used to construct provider calls can help reduce the attack surface. After upgrading, confirm the fix by attempting to trigger the previously vulnerable code path and verifying that it no longer results in a DoS.
Update the SMP SDK to version 3.0.9 or later. This version corrects the vulnerability that allows unauthorized actions and denial of service attacks.
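One way to implement the input-validation workaround described above, as an added example that is not part of the SMP SDK or of this advisory. It assumes that "provider" refers to an Android ContentProvider authority (the advisory does not say), and the allow-list entry `com.example.expected.provider` is a constructed placeholder.

```java
import android.content.ContentResolver;
import android.content.Context;
import android.content.pm.PackageManager;
import android.content.pm.ProviderInfo;
import android.database.Cursor;
import android.net.Uri;
import android.util.Log;
import java.util.Collections;
import java.util.Set;

/** Defensive wrapper: never hand an unvalidated authority to the content resolver. */
public final class SafeProviderCall {
    private static final String TAG = "SafeProviderCall";

    // Constructed placeholder: the authorities this app legitimately talks to.
    private static final Set<String> ALLOWED_AUTHORITIES =
            Collections.singleton("com.example.expected.provider");

    /** True only if the authority is expected AND some installed app actually exports it. */
    public static boolean providerExists(Context ctx, String authority) {
        if (authority == null || authority.isEmpty()) {
            return false;
        }
        if (!ALLOWED_AUTHORITIES.contains(authority)) {
            return false; // reject anything outside the allow-list, even if installed
        }
        PackageManager pm = ctx.getPackageManager();
        ProviderInfo info = pm.resolveContentProvider(authority, 0);
        return info != null;
    }

    /**
     * Queries the provider behind uri, returning null instead of letting an
     * unknown-authority or permission failure propagate and crash the process.
     */
    public static Cursor querySafely(Context ctx, Uri uri, String[] projection) {
        String authority = uri.getAuthority();
        if (!providerExists(ctx, authority)) {
            Log.w(TAG, "Refusing call: no usable provider for authority " + authority);
            return null;
        }
        ContentResolver resolver = ctx.getContentResolver();
        try {
            return resolver.query(uri, projection, null, null, null);
        } catch (IllegalArgumentException | SecurityException e) {
            // Provider was removed between the check and the call, or denied access.
            Log.w(TAG, "Provider call failed for " + authority, e);
            return null;
        }
    }
}
```

Callers must treat a null Cursor as "provider unavailable" and degrade gracefully rather than retrying in a loop.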
CVE-2021-25342 is a Denial of Service vulnerability in the SMP SDK for Android, allowing attackers to crash applications by calling non-existent providers.
You are affected if your Android application uses SMP SDK version 3.0.9 or earlier. Upgrade to 3.0.9 to mitigate the risk.
Upgrade the SMP SDK to version 3.0.9 or later. Implement input validation as a temporary workaround if upgrading is not immediately possible.
There is currently no evidence of active exploitation of CVE-2021-25342.
Refer to the vendor's security advisory for details: [https://github.com/SMP-SDK/SMP-SDK/issues/110](https://github.com/SMP-SDK/SMP-SDK/issues/110)