CVE-2025-45333

| EUVD-2025-19136 HIGH
2025-06-25 [email protected]
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2025-19136
PoC Detected
Jul 09, 2025 - 19:06 vuln.today
Public exploit code
CVE Published
Jun 25, 2025 - 20:15 nvd
HIGH 7.5

Tags

Null Pointer Dereference Denial Of Service Abc

Description

berkeley-abc abc 1.1 contains a Null Pointer Dereference (NPD) vulnerability in the Abc_NtkCecFraigPart function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.

Analysis

CVE-2025-45333 is a Null Pointer Dereference vulnerability in Berkeley ABC (version 1.1) within the Abc_NtkCecFraigPart function that causes denial of service through segmentation faults and program crashes. The vulnerability is remotely exploitable without authentication or user interaction, affecting any system running the vulnerable ABC library for circuit synthesis and verification tasks. An attacker can trigger a crash by providing malformed input to the data processing module, resulting in complete service unavailability.

Technical Context

Berkeley ABC (A System for Sequential Synthesis and Verification) is a widely-used open-source framework for logic synthesis, technology mapping, and formal verification. The Abc_NtkCecFraigPart function is part of the combinational equivalence checking (CEC) and FRAIG (Functionally Reduced And-Inverter Graph) modules. CWE-476 (Null Pointer Dereference) occurs when the code attempts to dereference a pointer that has not been properly validated as non-null before use. In this case, the vulnerability exists in the data processing module's handling of network topology structures, likely when processing circuit graphs with specific structural characteristics that leave intermediate pointers uninitialized. The affected CPE would be: cpe:2.3:a:berkeley-abc:abc:1.1:*:*:*:*:*:*:*. This library is commonly integrated into EDA (Electronic Design Automation) tools, formal verification platforms, and circuit optimization workflows.

Affected Products

Berkeley ABC (['1.1'])

Priority Score

58
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +38
POC: +20

Vendor Status

Ubuntu

Priority: Medium
berkeley-abc
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -

Debian

berkeley-abc
Release Status Fixed Version Urgency
bullseye vulnerable 1.01+20191006git52a8ebb+dfsg-1 -
bookworm vulnerable 1.01+20221019git70cb339+dfsg-4 -
(unstable) fixed (unfixed) unimportant

Share

CVE-2025-45333 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy