CVE-2025-6966

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-6966
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.11:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.7:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.8:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.9:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta2ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.6.6:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.0.1:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:\+22.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

07 Jan 2026, 22:20

Type Values Removed Values Added
First Time Ubuntu
Debian debian Linux
Ubuntu python-apt
Canonical
Debian
Canonical ubuntu Linux
References () https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 - () https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 - Exploit, Issue Tracking, Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html - () https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html - Mailing List, Third Party Advisory
CPE cpe:2.3:a:ubuntu:python-apt:2.4.0:\+22.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.10:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.11:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.0.1:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.7:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta2ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.6.6:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.8:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.11:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.9:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5ubuntu1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:build1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu5:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

15 Dec 2025, 22:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html -

08 Dec 2025, 14:16

Type Values Removed Values Added
Summary (en) NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key. (en) NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

05 Dec 2025, 13:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-05 13:16

Updated : 2026-01-07 22:20

NVD link : CVE-2025-6966

Mitre link : CVE-2025-6966

CVE.ORG link : CVE-2025-6966

JSON object : View

Products Affected

debian

  • debian_linux

ubuntu

  • python-apt

canonical

  • ubuntu_linux
CWE
CWE-476

NULL Pointer Dereference