NULL Pointer Dereference Vulnerability in libusb Affects Multiple Applications
CVE-2026-23679

6.9 MEDIUM

Key Information:

Vendor: Libusb
Status: Vendor
CVE Published: 27 May 2026

What is CVE-2026-23679?

libusb versions prior to 1.0.30 are susceptible to a NULL pointer dereference that arises when an interface descriptor claims more than zero endpoints but is immediately followed by a class-specific descriptor whose length exceeds the remaining buffer. parse_interface() then terminates prematurely without allocating the endpoint array. An attacker can trigger the flaw by feeding malformed USB configuration descriptors through libusb_get_active_config_descriptor or libusb_get_config_descriptor; possible vectors include virtualized USB passthrough, file-based descriptor parsing, or network sources. The result is an application crash when code iterates over the endpoints and dereferences the NULL pointer.
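A constructed C model of the bug class described above beside its hardened form (an example added here, not libusb's code): `struct iface`, the `hardened` switch and the descriptor bytes are simplified stand-ins for the libusb internals, and the consumer-side `endpoints_consistent()` check is the guard an application can apply before walking an endpoint array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of the parse_interface() failure mode; not libusb's code. */
struct iface { uint8_t bNumEndpoints; uint8_t *endpoint; }; /* endpoint NULL until allocated */
#define DT_INTERFACE 0x04
#define DT_ENDPOINT  0x05
#define IFACE_LEN    9        /* bLength of a standard interface descriptor */

/* Returns 0 on success, -1 on malformed input. With hardened == 0 the count is
 * published before class-specific descriptors are walked, so a truncated one
 * (bLength > bytes left) exits with bNumEndpoints > 0 and endpoint == NULL.
 * With hardened != 0 every exit path keeps "count > 0 implies endpoint != NULL". */
int parse_interface(const uint8_t *buf, size_t len, struct iface *out, int hardened)
{
    out->bNumEndpoints = 0;
    out->endpoint = NULL;
    if (len < IFACE_LEN || buf[0] != IFACE_LEN || buf[1] != DT_INTERFACE)
        return -1;
    uint8_t claimed = buf[4];
    if (!hardened)
        out->bNumEndpoints = claimed;       /* published too early */
    buf += IFACE_LEN; len -= IFACE_LEN;
    /* Skip class-specific descriptors (bLength, bDescriptorType, ...). */
    while (len >= 2 && buf[1] != DT_ENDPOINT) {
        if (buf[0] < 2 || buf[0] > len)
            return -1;                      /* truncated: early exit */
        len -= buf[0]; buf += buf[0];
    }
    if (claimed == 0)
        return 0;
    out->endpoint = calloc(claimed, 1);
    if (out->endpoint == NULL)
        return -1;
    out->bNumEndpoints = claimed;           /* set only once storage exists */
    return 0;
}

/* Consumer-side check an application can apply before iterating endpoints. */
int endpoints_consistent(const struct iface *i)
{
    return i->bNumEndpoints == 0 || i->endpoint != NULL;
}

/* Constructed inputs: a good interface followed by one 7-byte endpoint descriptor,
 * and a malformed one claiming 2 endpoints followed by a class-specific
 * descriptor whose bLength (0x20) exceeds the 3 bytes that remain. */
const uint8_t wellformed[] = { 0x09, 0x04, 0, 0, 0x01, 0xff, 0, 0, 0,
                               0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00 };
const uint8_t malformed[]  = { 0x09, 0x04, 0, 0, 0x02, 0xff, 0, 0, 0,
                               0x20, 0x24, 0x01 };
```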

Affected Version(s)

libusb 0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Credit

djnn