6.9 MEDIUM
- CVSS version (CVSS): 4.0
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Attack Requirement (AT): None (N)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Vulnerable System Impact Confidentiality (VC): None (N)
- Vulnerable System Impact Integrity (VI): None (N)
- Vulnerable System Impact Availability (VA): High (H)
- Subsequent System Impact Confidentiality (SC): None (N)
- Subsequent System Impact Integrity (SI): None (N)
- Subsequent System Impact Availability (SA): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Attack Requirement (MAT): None (N)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Vulnerable System Impact Confidentiality (MVC): None (N)
- Modified Vulnerable System Impact Integrity (MVI): None (N)
- Modified Vulnerable System Impact Availability (MVA): High (H)
- Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
- Modified Subsequent System Impact Integrity (MSI): Negligible (N)
- Modified Subsequent System Impact Availability (MSA): Negligible (N)
- Safety (S): Not Defined (X)
- Automatable (AU): Not Defined (X)
- Recovery (R): Not Defined (X)
- Value Density (V): Not Defined (X)
- Vulnerability Response Effort (RE): Not Defined (X)
- Provider Urgency (U): Not Defined (X)
- Confidentiality Req. (CR): Not Defined (X)
- Integrity Req. (IR): Not Defined (X)
- Availability Req. (AR): Not Defined (X)
- Exploit Maturity (E): Not Defined (X)
Activity log
- Created suggestion
libusb < 1.0.30 NULL Pointer Dereference in parse_interface()
libusb before version 1.0.30 contains a NULL pointer dereference in parse_interface(). A malformed USB configuration descriptor in which an interface descriptor claims bNumEndpoints greater than zero, but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer, makes parse_interface() return early before the endpoint array is allocated, leaving bNumEndpoints nonzero while the endpoint pointer is still NULL. Any application that obtains the descriptor through libusb_get_active_config_descriptor() or libusb_get_config_descriptor() and then iterates over the interface's endpoints dereferences that NULL pointer and crashes. A crafted descriptor can reach the parser through virtualized USB passthrough, file-based descriptor parsing, or network sources; the impact is limited to availability (a crash of the consuming application), which is what the CVSS vector above reflects.
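The failure mode above, reduced to a runnable model. This is an added example, not libusb's code and not the upstream fix from the referenced pull request: parse_interface_model() walks one interface descriptor the way the description says parse_interface() does, and with hardened=0 reproduces the early return that leaves bNumEndpoints nonzero while endpoint is still NULL. The hardened=1 path, which zeroes bNumEndpoints before returning, is an assumed fix for illustration only. count_bulk_endpoints() shows the application-side guard (checking endpoint != NULL before iterating) that protects a program still linked against libusb < 1.0.30. The two descriptor buffers are constructed for the example, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Descriptor type codes and fixed sizes from the USB 2.0 specification. */
#define DT_INTERFACE      0x04
#define DT_ENDPOINT       0x05
#define DT_CS_INTERFACE   0x24
#define DT_INTERFACE_SIZE 9
#define DT_ENDPOINT_SIZE  7
#define DESC_HEADER_LEN   2

struct endpoint_desc { uint8_t bLength, bDescriptorType, bEndpointAddress, bmAttributes;
                       uint16_t wMaxPacketSize; uint8_t bInterval; };
struct interface_desc { uint8_t bLength, bDescriptorType, bInterfaceNumber, bAlternateSetting,
                        bNumEndpoints, bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol,
                        iInterface; struct endpoint_desc *endpoint; /* NULL until allocated */ };

/* Model of the parse_interface() walk the advisory describes (hypothetical, not libusb's
 * code). Returns bytes consumed, or -1 on invalid input. hardened=0 reproduces the
 * pre-1.0.30 early return; hardened=1 zeroes bNumEndpoints on that path (assumed fix). */
static int parse_interface_model(struct interface_desc *ifp, const uint8_t *buf,
                                 int size, int hardened)
{
    memset(ifp, 0, sizeof *ifp);
    if (size < DT_INTERFACE_SIZE || buf[0] < DT_INTERFACE_SIZE || buf[0] > size ||
        buf[1] != DT_INTERFACE)
        return -1;
    memcpy(ifp, buf, DT_INTERFACE_SIZE);   /* the nine leading uint8_t fields */
    int parsed = ifp->bLength; buf += parsed; size -= parsed;
    /* Skip class/vendor descriptors that sit between the interface and its endpoints. */
    while (size >= DESC_HEADER_LEN) {
        uint8_t len = buf[0], type = buf[1];
        if (len < DESC_HEADER_LEN) return -1;
        if (len > size) {   /* short read: descriptor claims more bytes than remain */
            if (hardened)
                ifp->bNumEndpoints = 0;   /* keep (count, array) consistent */
            return parsed;                /* vulnerable: count > 0, endpoint == NULL */
        }
        if (type == DT_INTERFACE || type == DT_ENDPOINT)
            break;
        buf += len; size -= len; parsed += len;
    }
    if (ifp->bNumEndpoints > 0) {
        ifp->endpoint = calloc(ifp->bNumEndpoints, sizeof *ifp->endpoint);
        if (!ifp->endpoint) return -1;
        for (int i = 0; i < ifp->bNumEndpoints; i++) {
            if (size < DT_ENDPOINT_SIZE || buf[0] < DT_ENDPOINT_SIZE || buf[0] > size ||
                buf[1] != DT_ENDPOINT) {
                ifp->bNumEndpoints = (uint8_t)i;   /* count only what was parsed */
                break;
            }
            struct endpoint_desc *ep = &ifp->endpoint[i];
            ep->bLength = buf[0]; ep->bDescriptorType = buf[1]; ep->bEndpointAddress = buf[2];
            ep->bmAttributes = buf[3]; ep->wMaxPacketSize = (uint16_t)(buf[4] | buf[5] << 8);
            ep->bInterval = buf[6]; buf += ep->bLength; size -= ep->bLength; parsed += ep->bLength;
        }
    }
    return parsed;
}

/* Application side: count bulk endpoints as a device enumerator would. Returns -1 when the
 * interface advertises endpoints but the array is NULL: the guard needed below libusb 1.0.30. */
static int count_bulk_endpoints(const struct interface_desc *ifp)
{
    if (ifp->bNumEndpoints > 0 && ifp->endpoint == NULL) return -1;
    int n = 0;
    for (int i = 0; i < ifp->bNumEndpoints; i++)
        if ((ifp->endpoint[i].bmAttributes & 0x03) == 0x02)   /* transfer type: bulk */
            n++;
    return n;
}

/* Constructed inputs, not captured from real hardware. */
static const uint8_t MALFORMED[] = {
    9, DT_INTERFACE, 0, 0, 1, 0xff, 0, 0, 0,        /* bNumEndpoints = 1 */
    0x20, DT_CS_INTERFACE, 0x01, 0x02,               /* bLength 32, only 4 bytes remain */
};
static const uint8_t WELLFORMED[] = {
    9, DT_INTERFACE, 0, 0, 1, 0xff, 0, 0, 0,
    5, DT_CS_INTERFACE, 0x01, 0x00, 0x01,            /* class-specific, 5 bytes */
    7, DT_ENDPOINT, 0x81, 0x02, 0x40, 0x00, 0x00,    /* EP 1 IN, bulk, 64 bytes */
};
/* Parse one buffer, then consume it; returns count_bulk_endpoints()'s result. */
int demo(const uint8_t *buf, int size, int hardened)
{
    struct interface_desc ifp;
    if (parse_interface_model(&ifp, buf, size, hardened) < 0)
        return -2;
    int r = count_bulk_endpoints(&ifp); free(ifp.endpoint);
    return r;
}
int demo_malformed_vulnerable(void) { return demo(MALFORMED, sizeof MALFORMED, 0); }
int demo_malformed_hardened(void)   { return demo(MALFORMED, sizeof MALFORMED, 1); }
int demo_wellformed(void)           { return demo(WELLFORMED, sizeof WELLFORMED, 0); }

int main(void)
{
    printf("vulnerable %d, hardened %d, well-formed %d\n", demo_malformed_vulnerable(),
           demo_malformed_hardened(), demo_wellformed());
}
```

Build with cc -std=c99. On the malformed buffer the vulnerable walker returns a count of 1 with a NULL array, so demo_malformed_vulnerable() trips the guard and returns -1; without that guard the loop in count_bulk_endpoints() would read ifp->endpoint[0] through a NULL pointer, which is the crash the advisory describes. The hardened walker returns a count of 0 and the well-formed buffer yields one bulk endpoint. In a real libusb application the equivalent guard is to check `altsetting->endpoint != NULL` (or compare against the libusb version at runtime) before walking `bNumEndpoints` on any host where the library may predate 1.0.30.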
References
- https://github.com/libusb/libusb/releases/tag/v1.0.30 release-notes
- https://github.com/libusb/libusb/issues/1813 technical-description
- https://github.com/libusb/libusb/pull/1814 issue-tracking
- https://www.vulncheck.com/advisories/libusb-null-pointer-dereference-in-parse-i… third-party-advisory
Affected products
- <1.0.30
Matching in nixpkgs
pkgs.libusb1
Cross-platform user-mode USB device library
pkgs.libusbp
Pololu USB Library (also known as libusbp)
pkgs.libusbgx
C library encapsulating the kernel USB gadget-configfs userspace API functionality
- nixos-unstable 2021-10-31
- nixpkgs-unstable 2021-10-31
- nixos-unstable-small 2021-10-31
- nixos-25.11 2021-10-31
- nixos-25.11-small 2021-10-31
- nixpkgs-25.11-darwin 2021-10-31
pkgs.libusbsio
Library for communicating with devices connected via the USB bridge on LPC-Link2 and MCU-Link debug probes on supported NXP microcontroller evaluation boards
pkgs.libusbmuxd
Client library to multiplex connections from and to iOS devices
pkgs.libusb-compat-0_1
Cross-platform user-mode USB device library
pkgs.python312Packages.libusb1
Python ctype-based wrapper around libusb1
- nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1
pkgs.python313Packages.libusb1
Python ctype-based wrapper around libusb1
- nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1
- nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1
pkgs.python314Packages.libusb1
Python ctype-based wrapper around libusb1
- nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1
pkgs.python312Packages.libusbsio
LIBUSBSIO Host Library for USB Enabled MCUs
pkgs.python313Packages.libusbsio
LIBUSBSIO Host Library for USB Enabled MCUs
pkgs.python314Packages.libusbsio
LIBUSBSIO Host Library for USB Enabled MCUs
pkgs.python312Packages.libusb-package
Python package for simplified libusb distribution and usage with pyOCD
pkgs.python313Packages.libusb-package
Python package for simplified libusb distribution and usage with pyOCD
pkgs.python314Packages.libusb-package
Python package for simplified libusb distribution and usage with pyOCD
Package maintainers
- @prusnak Pavol Rusnak <pavol@rusnak.io>
- @i-am-logger Ido Samuelson <ido.samuelson@gmail.com>
- @bzizou Bruno Bzeznik <Bruno@bzizou.net>
- @frogamic Dominic Shelton <frogamic@protonmail.com>
- @brianmcgillion Brian McGillion <bmg.avoin@gmail.com>
- @rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
- @sbruder Simon Bruder <nixos@sbruder.de>