SB2026041576 - Meinberg LANTIME firmware update for third-party components
Published: April 15, 2026
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2026-0967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the match_pattern() function when comparing configuration files or known hosts against the hostname. A local user with ability to modify the configuration file or known_hosts file can crash the application.
2) Resource exhaustion (CVE-ID: CVE-2026-27171)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
3) Resource exhaustion (CVE-ID: CVE-2026-0992)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when processing XML catalogs that contain repeated <nextCatalog> elements pointing to the same downstream catalog. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Uncontrolled Recursion (CVE-ID: CVE-2026-0990)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncontrolled recursion in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker can pass specially crafted input to the application and perform a denial of service attack.
5) Uncontrolled Recursion (CVE-ID: CVE-2026-0989)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an uncontrolled recursion in the RelaxNG parser. A remote attacker can pass specially crafted input to the application and perform a denial of service attack.
6) Improper Neutralization of Argument Delimiters in a Command (CVE-ID: CVE-2026-24061)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when processing the attacker-controlled USER environment variable. A remote non-authenticated attacker can simply connect to the remote server with a specially crafted environment variable and obtain root privileges.
Exploitation example:
USER='-f root' telnet -a <host>
7) Out-of-bounds read (CVE-ID: CVE-2026-0968)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sftp_parse_longname() function. A malicious SFTP server can send a specially crafted SSH_FXP_NAME message to trigger an out-of-bounds read and crash the application or read parts of system memory on the client system.
8) Buffer underflow (CVE-ID: CVE-2026-0966)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error within the ssh_get_hexa() function when reading zero-length input during GSSAPI authentication. A remote attacker can send specially crafted data to the application and perform a denial of service attack.
9) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2026-1965)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to improper reuse of HTTP Negotiate connection. A remote attacker can bypass authentication and gain access to the target system.
10) Input validation error (CVE-ID: CVE-2026-0965)
The vulnerability allows a local user to crash the application.
The vulnerability exists due to insufficient validation of user-supplied input when parsing configuration files. A local user can supply a specially crafted configuration and crash the application.
11) Path traversal (CVE-ID: CVE-2026-0964)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can trick the victim into connecting to a malicious SCP server and overwrite arbitrary files on the user's system.
12) Heap-based buffer overflow (CVE-ID: CVE-2026-25646)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the png_set_quantize() API function. A remote attacker can pass a specially crafted PNG image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Release of invalid pointer or reference (CVE-ID: CVE-2026-1584)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an invalid pointer access in the TLS 1.3 implementation. A remote attacker can send an invalid PSK binder value in a ClientHello message and perform a denial of service attack.
14) Resource exhaustion (CVE-ID: CVE-2025-14831)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when verifying certificates with a large number of name constraints. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
15) Integer overflow (CVE-ID: CVE-2026-25210)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the doContent() function. A remote attacker can pass specially crafted XML data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
16) NULL pointer dereference (CVE-ID: CVE-2026-24515)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in XML_ExternalEntityParserCreate. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2026-3805)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when a second SMB request is made to the same host. A remote attacker can gain access to sensitive information on the system.
18) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2026-3784)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to wrong proxy connection reuse with credentials. A remote attacker can bypass authentication and gain access to the target system.
19) Insufficiently protected credentials (CVE-ID: CVE-2026-3783)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to insufficiently protected credentials when the OAuth2 bearer token is used for an HTTP(S) transfer. A remote attacker can gain access to sensitive information on the system.
Remediation
Install the update from the vendor's website.