CVE-2026-23679

Source
https://cve.org/CVERecord?id=CVE-2026-23679
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23679.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23679
Downstream
Published
2026-05-27T13:21:37.035Z
Modified
2026-07-08T08:12:26.120523060Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
Details

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parseinterface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusbgetactiveconfigdescriptor or libusbgetconfigdescriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23679.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-125"
    ]
}
References

Affected packages

Git / github.com/libusb/libusb

Affected ranges

Type
GIT
Repo
https://github.com/libusb/libusb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.30"
        }
    ]
}

Affected versions

Other
academic-demo
v0.*
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.10-rc1
v1.0.11
v1.0.11-rc1
v1.0.12
v1.0.12-rc1
v1.0.13
v1.0.13-rc1
v1.0.13-rc2
v1.0.14
v1.0.15
v1.0.15-rc1
v1.0.15-rc2
v1.0.15-rc3
v1.0.16
v1.0.16-rc1
v1.0.16-rc2
v1.0.16-rc3
v1.0.17
v1.0.17-rc1
v1.0.18
v1.0.18-rc1
v1.0.19
v1.0.19-rc1
v1.0.19-rc2
v1.0.2
v1.0.20
v1.0.20-rc1
v1.0.20-rc2
v1.0.20-rc3
v1.0.21
v1.0.21-rc1
v1.0.21-rc2
v1.0.21-rc3
v1.0.21-rc4
v1.0.21-rc5
v1.0.21-rc6
v1.0.22
v1.0.22-rc1
v1.0.22-rc2
v1.0.22-rc3
v1.0.22-rc4
v1.0.23
v1.0.23-rc1
v1.0.23-rc2
v1.0.23-rc3
v1.0.24
v1.0.24-rc1
v1.0.25
v1.0.25-rc1
v1.0.26
v1.0.26-rc1
v1.0.27
v1.0.27-rc1
v1.0.27-rc2
v1.0.28
v1.0.28-rc1
v1.0.29
v1.0.3
v1.0.30-rc1
v1.0.30-rc2
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.0.9-rc4
v1.0.9-rc5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23679.json"