CVE-2026-47104

4.0 MEDIUM
Published: May 27, 2026 Modified: May 28, 2026
View on NVD

Description

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer size instead of the remaining size. Attackers in virtualized environments with USB passthrough can supply crafted descriptors through libusb_get_active_interface_association_descriptors or libusb_get_interface_association_descriptors to read one byte past the end of the malloc allocation, resulting in a denial of service.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704
Source: disclosure@vulncheck.com
Patch
https://github.com/libusb/libusb/issues/1813
Source: disclosure@vulncheck.com
Issue Tracking Mitigation
https://github.com/libusb/libusb/pull/1814
Source: disclosure@vulncheck.com
Issue Tracking Patch
https://github.com/libusb/libusb/releases/tag/v1.0.30
Source: disclosure@vulncheck.com
Product Release Notes
https://www.vulncheck.com/advisories/libusb-out-of-bounds-read-in-parse-iad-array
Source: disclosure@vulncheck.com
Patch Third Party Advisory

5 reference(s) from NVD

Quick Stats

CVSS v3 Score
4.0 / 10.0
EPSS (Exploit Probability)
0.1%
3th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-125

Affected Vendors

libusb

Related CVEs

CVE-2026-48777 N/A
CVE-2026-47750 7.8
CVE-2026-47747 7.8
CVE-2026-46448 5.4
CVE-2026-22313 9.1