CVE-2025-45333
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| berkeley-abc | abc | 1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Null Pointer Dereference in the function Abc_NtkCecFraigPart of the Berkeley ABC tool version 1.1. Under certain conditions during processing, a pointer named pMiterPart is set to NULL but later dereferenced without checking if it is NULL. This causes the program to crash or behave unpredictably due to accessing invalid memory. [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause the program to crash or exhibit undefined behavior during equivalence checking operations in the ABC synthesis tool. This may interrupt workflows, cause loss of data or results, and reduce the reliability of the software. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults occurring during the execution of the Berkeley ABC tool, specifically when running equivalence checking operations involving the function Abc_NtkCecFraigPart. Since the issue arises from a null pointer dereference, running the tool with debugging enabled or under a debugger (e.g., gdb) and observing if the program crashes at Abc_NtkVerifySimulatePattern can help detect it. There are no specific network detection commands since this is a local software vulnerability. Suggested commands include running the abc tool under gdb: `gdb --args abc <your-commands>` and then using `run` to start and `bt` to get a backtrace if it crashes. Additionally, checking logs for segmentation faults or core dumps related to abc executions can help detect the issue. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Berkeley ABC tool to a version that includes the fix merged in pull request #383, which prevents dereferencing the null pointer by ensuring pMiterPart is not NULL before use. If updating is not immediately possible, avoid running equivalence checking operations that trigger the vulnerable code path in Abc_NtkCecFraigPart. Additionally, running the tool with input that does not cause RetValue to be 0 or avoiding the use of the affected function can reduce risk. Monitoring for crashes and applying patches as soon as they are available is recommended. [1]