What is GHSA-jp69-qvgm-mqwx?

GHSA-jp69-qvgm-mqwx is a security advisory published by GitHub Security Advisories with Medium severity. libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows...

Which CVE IDs does GHSA-jp69-qvgm-mqwx cover?

GHSA-jp69-qvgm-mqwx covers the following CVE IDs: CVE-2026-23679. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jp69-qvgm-mqwx?

GHSA-jp69-qvgm-mqwx has a CVSS v3 base score of 6.2, published by GitHub Security Advisories.

GHSA-jp69-qvgm-mqwxMediumCVSS 6.2

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2026-23679 →

📋 Description

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (7)