CVE-2025-6966

MEDIUM

Ubuntu Python-apt < 0.9.3.11 - NULL Pointer Dereference

Title source: rule

Description

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-476

Status published

Affected Products (41)

ubuntu/python-apt < 0.9.3.11

ubuntu/python-apt

... and 26 more

Timeline

Published Dec 05, 2025

Tracked Since Feb 18, 2026