UBUNTU-CVE-2026-23679

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-23679

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-23679

Upstream

CVE-2026-23679

Withdrawn

2026-06-04T10:59:28Z

Published

2026-05-27T14:16:00Z

Modified

2026-06-04T12:45:25.426627204Z

Severity

6.2 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parseinterface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusbgetactiveconfigdescriptor or libusbgetconfigdescriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.

References

Affected packages

Ubuntu:14.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-23.2ubuntu1

2:0.1.12-23.3

2:0.1.12-23.3ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-23.3ubuntu1",
            "binary_name": "libusb++-0.1-4c2"
        },
        {
            "binary_version": "2:0.1.12-23.3ubuntu1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:16.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-27

2:0.1.12-28

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-28",
            "binary_name": "libusb++-0.1-4v5"
        },
        {
            "binary_version": "2:0.1.12-28",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:18.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-31

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-31",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:20.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-32

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-32",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:22.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-32build2

2:0.1.12-32build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-32build3",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:24.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-32build3

2:0.1.12-33

2:0.1.12-35

2:0.1.12-35build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:25.10

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-35build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build1",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"

Ubuntu:26.04:LTS

libusb

Package

Name: libusb
Purl: pkg:deb/ubuntu/libusb?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:0.*

2:0.1.12-35build1

2:0.1.12-35build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:0.1.12-35build2",
            "binary_name": "libusb-0.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-23679.json"