Uvscan

**Name of the Vulnerable Software and Affected Versions** Samsung TizenRT versions through 3.0 GBM Samsung TizenRT version 3.1 PRE **Description** An issue was discovered that leads to a denial of service, resulting in a malfunction. The problem is caused by a missing check on the return value of `pcap dispatch` in the `l2 packet receive timeout` function, located in `wpa supplicant/src/l2 packet/l2 packet pcap.c`. **Recommendations** For Samsung TizenRT versions through 3.0 GBM, consider applying a patch that adds a check on the return value of `pcap dispatch` to prevent the denial of service. For Samsung TizenRT version 3.1 PRE, consider applying a patch that adds a check on the return value of `pcap dispatch` to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung TizenRT versions through 3.0 GBM and 3.1 PRE **Description** An issue was discovered in the createDB function within the provisioningdatabasemanager.c file, located in the security/provisioning/src directory. This issue is caused by a missing `sqlite3 close` call after `sqlite3 open v2`, resulting in a denial of service. **Recommendations** For Samsung TizenRT versions through 3.0 GBM and 3.1 PRE, consider applying a patch that includes the necessary `sqlite3 close` call after `sqlite3 open v2` in the createDB function to prevent a denial of service.

**Name of the Vulnerable Software and Affected Versions** Samsung TizenRT versions 3.0 GBM through 3.1 PRE **Description** An issue in the `cyassl connect step2` function in `curl/vtls/cyassl.c` leads to information disclosure due to a missing `X509 free` after `SSL get peer certificate`. **Recommendations** For Samsung TizenRT versions 3.0 GBM through 3.1 PRE, consider applying a patch that includes the necessary `X509 free` call after `SSL get peer certificate` to prevent information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung mTower versions 0.3.0 and earlier **Description** The issue is related to a missing check on the return value of `EC KEY set private key` in the `sign pFwInfo` function, leading to a denial of service. **Recommendations** For Samsung mTower versions 0.3.0 and earlier, consider disabling the `sign pFwInfo` function until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung mTower versions 0.3.0 and earlier **Description** The issue is related to a missing check on the return value of `EC KEY set public key affine coordinates` in the `sign pFwInfo` function, leading to a denial of service. **Recommendations** For Samsung mTower versions 0.3.0 and earlier, consider disabling the `sign pFwInfo` function until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.