CVE-2023-30678
Description
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A zip path traversal vulnerability in Samsung Calendar app prior to version 12.4.07.15 on Android 13 allows attackers to write arbitrary files via a crafted archive.
Vulnerability
A zip path traversal vulnerability exists in the Samsung Calendar application prior to version 12.4.07.15 on Android 13. The application fails to properly validate file paths when extracting zip archives, allowing an attacker to write files outside the intended directory. [1]
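The path validation whose absence is described above, written in Java because the affected application runs on Android. This is an added example, not Samsung's code or its fix; the class and method names (`SafeUnzip`, `resolveEntry`, `extract`) are hypothetical and the archive is constructed in memory.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

// Added illustration; SafeUnzip, resolveEntry and extract are hypothetical names.
public class SafeUnzip {
    // Resolve an entry name under destDir and reject any result outside it.
    static Path resolveEntry(Path destDir, String entryName) throws IOException {
        Path base = destDir.toAbsolutePath().normalize();
        Path target = base.resolve(entryName).normalize(); // collapses "../" segments
        if (!target.startsWith(base)) {                    // component-wise comparison
            throw new IOException("zip entry escapes destination: " + entryName);
        }
        return target;
    }

    // Extract every entry, validating each name before anything is written.
    static void extract(InputStream in, Path destDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e; (e = zis.getNextEntry()) != null; ) {
                Path target = resolveEntry(destDir, e.getName());
                if (e.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one benign entry, one traversal entry.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(buf)) {
            for (String name : new String[] {"event.ics", "../../escaped.txt"}) {
                zos.putNextEntry(new ZipEntry(name));
                zos.write("constructed sample".getBytes("UTF-8"));
                zos.closeEntry();
            }
        }
        Path dest = Files.createTempDirectory("unzip-demo");
        try {
            extract(new ByteArrayInputStream(buf.toByteArray()), dest);
        } catch (IOException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
        System.out.println("event.ics written: " + Files.exists(dest.resolve("event.ics")));
    }
}
```

`normalize()` is purely lexical, so a destination directory that may contain symbolic links additionally needs a canonical-path comparison.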
Exploitation
An attacker must deliver a specially crafted zip archive to the victim, likely through a malicious calendar attachment or import. If the victim opens the archive within the Calendar app, the path traversal sequence (e.g., "../") in the zip entry names causes files to be written to arbitrary locations. No authentication beyond user interaction is required. [1]
Impact
Successful exploitation allows an attacker to write arbitrary files to the device's filesystem. This could lead to overwriting critical system files, planting malicious executables, or modifying application data, potentially resulting in privilege escalation or persistent compromise. [1]
Mitigation
The vulnerability is fixed in Calendar version 12.4.07.15. Users should update the Calendar app via the Galaxy Store or system updates. No workaround is available. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <12.4.07.15
- Samsung Mobile/Calendar v5 Range: 12.4.07.15 in Android 13
Patches
No patches discovered yet.
References
1 reference