Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 6.2
Products affected by CVE-2026-23679
  • Libusb » Libusb » Version: 0.9.0
    cpe:2.3:a:libusb:libusb:0.9.0
  • Libusb » Libusb » Version: 0.9.1
    cpe:2.3:a:libusb:libusb:0.9.1
  • Libusb » Libusb » Version: 0.9.2
    cpe:2.3:a:libusb:libusb:0.9.2
  • Libusb » Libusb » Version: 0.9.3
    cpe:2.3:a:libusb:libusb:0.9.3
  • Libusb » Libusb » Version: 0.9.4
    cpe:2.3:a:libusb:libusb:0.9.4
  • Libusb » Libusb » Version: 1.0.0
    cpe:2.3:a:libusb:libusb:1.0.0
  • Libusb » Libusb » Version: 1.0.1
    cpe:2.3:a:libusb:libusb:1.0.1
  • Libusb » Libusb » Version: 1.0.10
    cpe:2.3:a:libusb:libusb:1.0.10
  • Libusb » Libusb » Version: 1.0.11
    cpe:2.3:a:libusb:libusb:1.0.11
  • Libusb » Libusb » Version: 1.0.12
    cpe:2.3:a:libusb:libusb:1.0.12
  • Libusb » Libusb » Version: 1.0.13
    cpe:2.3:a:libusb:libusb:1.0.13
  • Libusb » Libusb » Version: 1.0.14
    cpe:2.3:a:libusb:libusb:1.0.14
  • Libusb » Libusb » Version: 1.0.15
    cpe:2.3:a:libusb:libusb:1.0.15
  • Libusb » Libusb » Version: 1.0.16
    cpe:2.3:a:libusb:libusb:1.0.16
  • Libusb » Libusb » Version: 1.0.17
    cpe:2.3:a:libusb:libusb:1.0.17
  • Libusb » Libusb » Version: 1.0.18
    cpe:2.3:a:libusb:libusb:1.0.18
  • Libusb » Libusb » Version: 1.0.19
    cpe:2.3:a:libusb:libusb:1.0.19
  • Libusb » Libusb » Version: 1.0.2
    cpe:2.3:a:libusb:libusb:1.0.2
  • Libusb » Libusb » Version: 1.0.20
    cpe:2.3:a:libusb:libusb:1.0.20
  • Libusb » Libusb » Version: 1.0.21
    cpe:2.3:a:libusb:libusb:1.0.21
  • Libusb » Libusb » Version: 1.0.22
    cpe:2.3:a:libusb:libusb:1.0.22
  • Libusb » Libusb » Version: 1.0.23
    cpe:2.3:a:libusb:libusb:1.0.23
  • Libusb » Libusb » Version: 1.0.24
    cpe:2.3:a:libusb:libusb:1.0.24
  • Libusb » Libusb » Version: 1.0.25
    cpe:2.3:a:libusb:libusb:1.0.25
  • Libusb » Libusb » Version: 1.0.26
    cpe:2.3:a:libusb:libusb:1.0.26
  • Libusb » Libusb » Version: 1.0.27
    cpe:2.3:a:libusb:libusb:1.0.27
  • Libusb » Libusb » Version: 1.0.28
    cpe:2.3:a:libusb:libusb:1.0.28
  • Libusb » Libusb » Version: 1.0.29
    cpe:2.3:a:libusb:libusb:1.0.29
  • Libusb » Libusb » Version: 1.0.3
    cpe:2.3:a:libusb:libusb:1.0.3
  • Libusb » Libusb » Version: 1.0.4
    cpe:2.3:a:libusb:libusb:1.0.4
  • Libusb » Libusb » Version: 1.0.5
    cpe:2.3:a:libusb:libusb:1.0.5
  • Libusb » Libusb » Version: 1.0.6
    cpe:2.3:a:libusb:libusb:1.0.6
  • Libusb » Libusb » Version: 1.0.7
    cpe:2.3:a:libusb:libusb:1.0.7
  • Libusb » Libusb » Version: 1.0.8
    cpe:2.3:a:libusb:libusb:1.0.8
  • Libusb » Libusb » Version: 1.0.9
    cpe:2.3:a:libusb:libusb:1.0.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved