PT-2026-43696 · Libusb · Libusb

Djnn · Published 2026-05-27 · Updated 2026-06-02 · CVE-2026-23679

CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libusb versions prior to 1.0.30
Description: A NULL pointer dereference occurs when a malformed USB configuration descriptor is supplied. Specifically, if an interface descriptor claims a bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, the parse_interface() function returns early without allocating the endpoint array. This can be exploited via libusb_get_active_config_descriptor() or libusb_get_config_descriptor() by providing crafted descriptors through network sources, file-based descriptor parsing, or virtualized USB passthrough, leading to an application crash when the caller iterates over the endpoints.
Recommendations: Update to version 1.0.30 or later.
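To make the failure mode concrete, here is an added example (not libusb's own code) of a minimal interface-descriptor parser that rejects a class-specific descriptor whose bLength overruns the buffer and, on every exit path, keeps the endpoint pointer and endpoint count consistent so a caller cannot dereference NULL. The descriptor type values, the 7-byte endpoint record layout and the two sample buffers are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

struct iface_desc {
    uint8_t bNumEndpoints;  /* entries actually parsed, never the raw claim */
    uint8_t *endpoint;      /* 7-byte records; NULL whenever bNumEndpoints == 0 */
};

/* Parse one interface descriptor and its endpoints from buf[0..len). Returns bytes
 * consumed or -1 if malformed; on every return path count and pointer agree. */
int parse_interface_safe(const uint8_t *buf, size_t len, struct iface_desc *out)
{
    out->bNumEndpoints = 0; out->endpoint = NULL;
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_INTERFACE) return -1;
    uint8_t claimed = buf[4], found = 0;
    uint8_t *eps = claimed ? calloc(claimed, 7) : NULL;
    if (claimed && !eps) return -1;
    size_t pos = 9;
    while (found < claimed && pos + 2 <= len && buf[pos + 1] != USB_DT_INTERFACE) {
        uint8_t blen = buf[pos];
        /* The reported bug class: a bLength that runs past the end of the buffer. */
        if (blen < 2 || pos + blen > len) { free(eps); return -1; }
        if (buf[pos + 1] == USB_DT_ENDPOINT) {
            if (blen < 7) { free(eps); return -1; }
            memcpy(eps + found * 7, buf + pos, 7);
            found++;
        }                       /* class-specific and other types are skipped */
        pos += blen;
    }
    if (found == 0) { free(eps); eps = NULL; }   /* fewer than claimed: stay consistent */
    out->bNumEndpoints = found; out->endpoint = eps;
    return (int)pos;
}
/* Caller-side helper: first endpoint's bEndpointAddress, or -1 if rejected or none. */
int first_endpoint_address(const uint8_t *buf, size_t len)
{
    struct iface_desc d;
    int addr = parse_interface_safe(buf, len, &d) > 0 && d.bNumEndpoints ? d.endpoint[2] : -1;
    free(d.endpoint);
    return addr;
}
/* Constructed samples. MALFORMED: interface claims one endpoint, then a class-specific
 * descriptor (type 0x24) whose bLength 0x40 exceeds the 3 bytes that remain.
 * WELLFORMED: same interface, 5-byte class-specific descriptor, bulk IN endpoint 0x81. */
static const uint8_t MALFORMED[]  = { 9, 4, 0, 0, 1, 0xFF, 0, 0, 0, 0x40, 0x24, 0x01 };
static const uint8_t WELLFORMED[] = { 9, 4, 0, 0, 1, 0xFF, 0, 0, 0, 5, 0x24, 1, 0, 1,
                                      7, 5, 0x81, 0x02, 0x00, 0x02, 0x00 };
```

The same consistency rule applies on the application side: treat bNumEndpoints as the only authority on how many entries the endpoint array holds, and never iterate when it is zero.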

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

CVE-2026-23679
ECHO-9B94-4C06-2947

Affected Products

Libusb