CVE-2026-47104

CVE-2026-47104

Name

CVE-2026-47104

Description

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
disclosure@vulncheck.com	https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704
disclosure@vulncheck.com	https://github.com/libusb/libusb/issues/1813
disclosure@vulncheck.com	https://github.com/libusb/libusb/pull/1814
disclosure@vulncheck.com	https://github.com/libusb/libusb/releases/tag/v1.0.30
disclosure@vulncheck.com	https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array

Type

URI

disclosure@vulncheck.com

https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704

disclosure@vulncheck.com

https://github.com/libusb/libusb/issues/1813

disclosure@vulncheck.com

https://github.com/libusb/libusb/pull/1814

disclosure@vulncheck.com

https://github.com/libusb/libusb/releases/tag/v1.0.30

disclosure@vulncheck.com

https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libusb:libusb::::::::`	libusb	>= None	< 1.0.30

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libusb:libusb:*:*:*:*:*:*:*:*

libusb

>= None

< 1.0.30

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libusb	edge-main	1.0.29-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	edge-main	1.0.28-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	edge-main	1.0.27-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	3.23-main	1.0.29-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	3.22-main	1.0.28-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	3.21-main	1.0.27-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	3.20-main	1.0.27-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
libusb	3.19-main	1.0.26-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libusb

edge-main

1.0.29-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

libusb

edge-main