CVE-2023-42556: 
NixOS vulnerability analysis and mitigation

CVE-2023-42556 is a vulnerability discovered in Samsung's Contacts application prior to SMR Dec-2023 Release 1. The vulnerability involves improper usage of implicit intent, which could allow attackers to obtain sensitive information. The issue was reported privately on May 31, 2023, and affects Android versions 11, 12, 13, and 14 (Samsung Advisory).

The vulnerability is classified as Moderate severity with a CVSS v3.1 Base Score of 5.5 MEDIUM according to NIST's assessment, while Samsung Mobile's assessment rates it at 3.3 LOW. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating that the vulnerability requires local access and user interaction, with potential impact primarily on confidentiality (NVD).

The vulnerability allows attackers to access sensitive information through the exploitation of improper implicit intent usage in the Contacts application. The impact is primarily focused on data confidentiality, with no direct impact on system integrity or availability (Samsung Advisory).

Samsung has addressed this vulnerability by changing the implicit intent to explicit intent in the SMR Dec-2023 Release 1 update. Users are advised to update their devices to this version or later to mitigate the vulnerability (Samsung Advisory).