Berkeley-ABC Null Pointer Dereference Vulnerability in ABC 1.1
Vulnerability
A null pointer dereference vulnerability has been identified in Berkeley-ABC ABC version 1.1. This issue occurs in the 'Abc_NtkCecFraigPart' function within the data processing module, specifically in 'base/abci/abcVerify.c'. The vulnerability leads to unpredictable program behavior, causing segmentation faults and program crashes. The null pointer dereference happens when the 'pMiterPart' variable is set to NULL and then dereferenced without proper validation, particularly when 'RetValue' equals 0. This flaw allows for a controlled crash of the application.
Impact
Exploitation of this vulnerability causes segmentation faults and program crashes, disrupting normal application operation.
Reproduction
The vulnerability can be reproduced by calling the 'Abc_NtkCecFraigPart' function with conditions that set the 'pMiterPart' variable to NULL and 'RetValue' to 0. This sequence leads to the dereference of the NULL pointer, causing a segmentation fault.
Remediation
Users can update to the latest version of Berkeley-ABC, where this vulnerability has been fixed.
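The failure pattern described above, next to a checked form, as an added C example that is not ABC's source code or its patch. Only the names 'pMiterPart' and 'RetValue' come from this advisory; 'Part', 'cex_bit_unchecked', 'cex_bit_checked' and the status codes are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a miter partition; not ABC's real network type. */
typedef struct { const int *pModel; int nInputs; } Part;

/* Hypothetical status codes for this example only. */
enum { CEX_OK = 0, CEX_NOT_FOUND = -1, CEX_BAD_ARG = -2 };

/* Unchecked pattern from the advisory: when RetValue == 0 the code reads
   through pMiterPart without testing it. A NULL pMiterPart crashes here. */
int cex_bit_unchecked(const Part *pMiterPart, int RetValue)
{
    if (RetValue == 0)
        return pMiterPart->pModel[0];
    return CEX_NOT_FOUND;
}

/* Checked form: validate every pointer on the RetValue == 0 path and report
   the failure to the caller instead of dereferencing. */
int cex_bit_checked(const Part *pMiterPart, int RetValue, int *pBit)
{
    if (pBit == NULL)
        return CEX_BAD_ARG;
    if (RetValue != 0)
        return CEX_NOT_FOUND;
    if (pMiterPart == NULL || pMiterPart->pModel == NULL || pMiterPart->nInputs < 1)
        return CEX_BAD_ARG;
    *pBit = pMiterPart->pModel[0];
    return CEX_OK;
}

int main(void)
{
    const int model[2] = { 1, 0 };   /* constructed sample data */
    const Part good = { model, 2 };
    int bit = -1;

    /* The advisory's condition: pMiterPart == NULL while RetValue == 0. */
    printf("NULL partition  -> %d\n", cex_bit_checked(NULL, 0, &bit));
    int rc = cex_bit_checked(&good, 0, &bit);
    printf("valid partition -> %d, bit=%d\n", rc, bit);
    return 0;
}
```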
