CVE-2026-23679
EUVD-2026-3250227.05.2026, 14:16
libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libusb | libusb | 𝑥 < 1.0.30 |
𝑥
= Vulnerable software versions
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| libusbx |
| ||||
| libusbx-debuginfo |
| ||||
| libusbx-debugsource |
| ||||
| libusbx-devel |
| ||||
| libusbx-devel-doc |
| ||||
| libusbx-tests-examples |
| ||||
| libusbx-tests-examples-debuginfo |
|
Common Weakness Enumeration
References