CVE-2024-20805: 
NixOS vulnerability analysis and mitigation

Path traversal vulnerability was discovered in ZipCompressor of MyFiles application affecting Samsung devices running Android 11, Android 12 (prior to SMR Jan-2024 Release 1), and Android 13 (prior to version 14.5.00.21). The vulnerability allows local attackers to write arbitrary files (Samsung Mobile, NVD).

The vulnerability is classified as a path traversal issue (CWE-22) with a CVSS v3.1 base score of 5.5 (MEDIUM) according to NIST's assessment (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N). Samsung Mobile's own assessment rates it lower at 3.3 (LOW) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability enables local attackers to perform arbitrary file write operations with MyFiles privileges. This could potentially lead to unauthorized file system modifications and compromise system integrity (NVD).

Samsung has addressed this vulnerability in the January 2024 Security Maintenance Release (SMR Jan-2024 Release 1) for Android 11 and Android 12 devices, and in version 14.5.00.21 for Android 13 devices. Users are advised to update their devices to these versions (Samsung Mobile).