Null-pointer dereference in python-apt TagSection.keys()
CVE-2025-6966

6.9MEDIUM

Key Information:

Vendor: Canonical
Status: Python-apt
Vendor: CVE Published:; 5 December 2025

What is CVE-2025-6966?

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Affected Version(s)

python-apt Linux 0

References

https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2025
Vulnerability Reserved
Jul 1, 2025

Credit

Julian Andres Klode

JSON

Canonical

What is CVE-2025-6966?

Affected Version(s)

References

CVSS V4

Timeline

Credit