CVE-2025-6966

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6966
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.11:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.7:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.8:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.9:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta2ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.6.6:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.0.1:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:\+22.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-12-05 13:16

Updated : 2026-01-07 22:20

NVD link : CVE-2025-6966

Mitre link : CVE-2025-6966

CVE.ORG link : CVE-2025-6966

JSON object : View

Products Affected

debian

  • debian_linux

ubuntu

  • python-apt

canonical

  • ubuntu_linux
CWE
CWE-476

NULL Pointer Dereference