CVE-2025-6966

Summary

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Affected Software

VendorProductVersion RangeStatus
Canonicalpython-apt3.0 < 3.0.0ubuntu1.1affected
Canonicalpython-apt3.0 < 3.0.0ubuntu0.25.04.1affected
Canonicalpython-apt2.7 < 2.7.7ubuntu5.1affected
Canonicalpython-apt2.4 < 2.4.0ubuntu4.1affected
Canonicalpython-apt2.0 < 2.0.1ubuntu0.20.04.1+esm1affected
Canonicalpython-apt1.6 < 1.6.6ubuntu0.1~esm1affected
Canonicalpython-apt1.1 < 1.1.0~beta1ubuntu0.16.04.12+esm1affected
Canonicalpython-apt0 < 0.9.3.5ubuntu3+esm5affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References