Suggestions search

Untriaged

Filter by:

With package: python313Packages.libusbsio

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-47104

5.1 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): Low (L)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): Low (L)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

created 4 days, 17 hours ago Activity log

Created suggestion 4 days, 17 hours ago

libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

References

https://github.com/libusb/libusb/releases/tag/v1.0.30 release-notes
https://github.com/libusb/libusb/issues/1813 technical-description
https://github.com/libusb/libusb/pull/1814 issue-tracking
https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704 patch
https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-arr… third-party-advisory

Affected products

libusb

<1.0.30

Matching in nixpkgs

pkgs.libusb1

Cross-platform user-mode USB device library

nixos-unstable 1.0.29
- nixpkgs-unstable 1.0.29
- nixos-unstable-small 1.0.29
nixos-25.11 1.0.29
- nixos-25.11-small 1.0.29
- nixpkgs-25.11-darwin 1.0.29

pkgs.libusbp

Pololu USB Library (also known as libusbp)

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixos-25.11-small 1.3.1
- nixpkgs-25.11-darwin 1.3.1

pkgs.libusbgx

C library encapsulating the kernel USB gadget-configfs userspace API functionality

nixos-unstable 2021-10-31
- nixpkgs-unstable 2021-10-31
- nixos-unstable-small 2021-10-31
nixos-25.11 2021-10-31
- nixos-25.11-small 2021-10-31
- nixpkgs-25.11-darwin 2021-10-31

pkgs.libusbsio

Library for communicating with devices connected via the USB bridge on LPC-Link2 and MCU-Link debug probes on supported NXP microcontroller evaluation boards

nixos-unstable 2.1.11
- nixpkgs-unstable 2.1.11
- nixos-unstable-small 2.1.11
nixos-25.11 2.1.11
- nixos-25.11-small 2.1.11
- nixpkgs-25.11-darwin 2.1.11

pkgs.libusbmuxd

Client library to multiplex connections from and to iOS devices

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.libusb-compat-0_1

Cross-platform user-mode USB device library

nixos-unstable 0.1.8
- nixpkgs-unstable 0.1.8
- nixos-unstable-small 0.1.8
nixos-25.11 0.1.8
- nixos-25.11-small 0.1.8
- nixpkgs-25.11-darwin 0.1.8

pkgs.python312Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1

pkgs.python313Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1
nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1

pkgs.python314Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1

pkgs.python312Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-25.11 2.1.13
- nixos-25.11-small 2.1.13
- nixpkgs-25.11-darwin 2.1.13

pkgs.python313Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-unstable 2.1.13
- nixpkgs-unstable 2.1.13
- nixos-unstable-small 2.1.13
nixos-25.11 2.1.13
- nixos-25.11-small 2.1.13
- nixpkgs-25.11-darwin 2.1.13

pkgs.python314Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-unstable 2.1.13
- nixpkgs-unstable 2.1.13
- nixos-unstable-small 2.1.13

pkgs.python312Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-25.11 1.0.26.3
- nixos-25.11-small 1.0.26.3
- nixpkgs-25.11-darwin 1.0.26.3

pkgs.python313Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-unstable 1.0.26.3
- nixpkgs-unstable 1.0.26.3
- nixos-unstable-small 1.0.26.3
nixos-25.11 1.0.26.3
- nixos-25.11-small 1.0.26.3
- nixpkgs-25.11-darwin 1.0.26.3

pkgs.python314Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-unstable 1.0.26.3
- nixpkgs-unstable 1.0.26.3
- nixos-unstable-small 1.0.26.3

Package maintainers

@prusnak Pavol Rusnak <pavol@rusnak.io>
@i-am-logger Ido Samuelson <ido.samuelson@gmail.com>
@bzizou Bruno Bzeznik <Bruno@bzizou.net>
@frogamic Dominic Shelton <frogamic@protonmail.com>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@sbruder Simon Bruder <nixos@sbruder.de>

Permalink CVE-2026-23679

6.9 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): None (N)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): None (N)
Vulnerable System Impact Integrity (VI): None (N)
Vulnerable System Impact Availability (VA): High (H)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): None (N)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): None (N)
Modified Vulnerable System Impact Integrity (MVI): None (N)
Modified Vulnerable System Impact Availability (MVA): High (H)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

created 4 days, 18 hours ago Activity log

Created suggestion 4 days, 18 hours ago

libusb < 1.0.30 NULL Pointer Dereference in parse_interface()

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.

References

https://github.com/libusb/libusb/releases/tag/v1.0.30 release-notes
https://github.com/libusb/libusb/issues/1813 technical-description
https://github.com/libusb/libusb/pull/1814 issue-tracking
https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704 patch
https://www.vulncheck.com/advisories/libusb-null-pointer-dereference-in-parse-i… third-party-advisory

Affected products

libusb

<1.0.30

Matching in nixpkgs

pkgs.libusb1

Cross-platform user-mode USB device library

nixos-unstable 1.0.29
- nixpkgs-unstable 1.0.29
- nixos-unstable-small 1.0.29
nixos-25.11 1.0.29
- nixos-25.11-small 1.0.29
- nixpkgs-25.11-darwin 1.0.29

pkgs.libusbp

Pololu USB Library (also known as libusbp)

nixos-unstable 1.3.1
- nixpkgs-unstable 1.3.1
- nixos-unstable-small 1.3.1
nixos-25.11 1.3.1
- nixos-25.11-small 1.3.1
- nixpkgs-25.11-darwin 1.3.1

pkgs.libusbgx

C library encapsulating the kernel USB gadget-configfs userspace API functionality

nixos-unstable 2021-10-31
- nixpkgs-unstable 2021-10-31
- nixos-unstable-small 2021-10-31
nixos-25.11 2021-10-31
- nixos-25.11-small 2021-10-31
- nixpkgs-25.11-darwin 2021-10-31

pkgs.libusbsio

Library for communicating with devices connected via the USB bridge on LPC-Link2 and MCU-Link debug probes on supported NXP microcontroller evaluation boards

nixos-unstable 2.1.11
- nixpkgs-unstable 2.1.11
- nixos-unstable-small 2.1.11
nixos-25.11 2.1.11
- nixos-25.11-small 2.1.11
- nixpkgs-25.11-darwin 2.1.11

pkgs.libusbmuxd

Client library to multiplex connections from and to iOS devices

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.11 2.1.1
- nixos-25.11-small 2.1.1
- nixpkgs-25.11-darwin 2.1.1

pkgs.libusb-compat-0_1

Cross-platform user-mode USB device library

nixos-unstable 0.1.8
- nixpkgs-unstable 0.1.8
- nixos-unstable-small 0.1.8
nixos-25.11 0.1.8
- nixos-25.11-small 0.1.8
- nixpkgs-25.11-darwin 0.1.8

pkgs.python312Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1

pkgs.python313Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1
nixos-25.11 libusb1-3.3.1
- nixos-25.11-small libusb1-3.3.1
- nixpkgs-25.11-darwin libusb1-3.3.1

pkgs.python314Packages.libusb1

Python ctype-based wrapper around libusb1

nixos-unstable libusb1-3.3.1
- nixpkgs-unstable libusb1-3.3.1
- nixos-unstable-small libusb1-3.3.1

pkgs.python312Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-25.11 2.1.13
- nixos-25.11-small 2.1.13
- nixpkgs-25.11-darwin 2.1.13

pkgs.python313Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-unstable 2.1.13
- nixpkgs-unstable 2.1.13
- nixos-unstable-small 2.1.13
nixos-25.11 2.1.13
- nixos-25.11-small 2.1.13
- nixpkgs-25.11-darwin 2.1.13

pkgs.python314Packages.libusbsio

LIBUSBSIO Host Library for USB Enabled MCUs

nixos-unstable 2.1.13
- nixpkgs-unstable 2.1.13
- nixos-unstable-small 2.1.13

pkgs.python312Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-25.11 1.0.26.3
- nixos-25.11-small 1.0.26.3
- nixpkgs-25.11-darwin 1.0.26.3

pkgs.python313Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-unstable 1.0.26.3
- nixpkgs-unstable 1.0.26.3
- nixos-unstable-small 1.0.26.3
nixos-25.11 1.0.26.3
- nixos-25.11-small 1.0.26.3
- nixpkgs-25.11-darwin 1.0.26.3

pkgs.python314Packages.libusb-package

Python package for simplified libusb distribution and usage with pyOCD

nixos-unstable 1.0.26.3
- nixpkgs-unstable 1.0.26.3
- nixos-unstable-small 1.0.26.3

Package maintainers

@prusnak Pavol Rusnak <pavol@rusnak.io>
@i-am-logger Ido Samuelson <ido.samuelson@gmail.com>
@bzizou Bruno Bzeznik <Bruno@bzizou.net>
@frogamic Dominic Shelton <frogamic@protonmail.com>
@brianmcgillion Brian McGillion <bmg.avoin@gmail.com>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@sbruder Simon Bruder <nixos@sbruder.de>