Executive Summary

This vulnerability exists in the Cordova plugin cordova-plugin-x-socialsharing for Android version 6.0.4. The plugin registers an exported broadcast receiver that listens for SEND intents. The receiver's onReceive method accesses an intent extra called EXTRA_CHOSEN_COMPONENT without checking if it is null. If a broadcast is sent with extras but without this specific extra, the code dereferences a null value, causing a NullPointerException and crashing the host application. Because the receiver is exported and does not validate the sender or permissions, any local app on the device can send crafted broadcasts to trigger this crash repeatedly, resulting in a denial of service at the application level.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can be exploited by any local, unauthenticated application on the device to send specially crafted broadcasts that cause the host application (which includes the vulnerable plugin) to crash repeatedly. This leads to a local denial of service, disrupting the normal operation of the affected app and potentially degrading user experience or causing loss of functionality.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for repeated crashes of applications that include the cordova-plugin-x-socialsharing plugin on Android devices. Specifically, look for crashes caused by NullPointerExceptions originating from the exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent when receiving android.intent.action.SEND intents without the EXTRA_CHOSEN_COMPONENT extra. On a rooted Android device or emulator, you can use logcat to detect such crashes with the command: `adb logcat | grep ShareChooserPendingIntent` or `adb logcat | grep NullPointerException`. Additionally, monitoring for unusual or repeated ACTION_SEND broadcasts sent to this exported receiver may indicate exploitation attempts. However, no specific detection commands are provided in the resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating or patching the cordova-plugin-x-socialsharing plugin to a version where this vulnerability is fixed, if available. If an update is not available, consider removing or disabling the plugin to prevent exploitation. Additionally, as a workaround, restrict or monitor local applications from sending crafted ACTION_SEND broadcasts to the exported broadcast receiver nl.xservices.plugins.ShareChooserPendingIntent. Implementing permission checks or caller validation in the receiver code can also mitigate the issue, but this requires modifying the plugin source. Since the plugin is actively maintained, checking the official GitHub repository for patches or updates is recommended. [1]

Useful 0 Not Useful 0