FKIE_CVE-2025-6966
Vulnerability from fkie_nvd - Published: 2025-12-05 13:16 - Updated: 2026-01-07 22:20
Severity ?
Summary
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html | Mailing List, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFC88CF-9186-4A10-91B0-85D8E30E6849",
"versionEndExcluding": "0.9.3.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "588612AB-3369-44AC-B37F-8E264C303EF1",
"versionEndExcluding": "1.6.6",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A96A3F-D264-4142-9971-763179D99EE8",
"versionEndExcluding": "2.0.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95EB3FF3-A940-4824-BEEA-4D7238F225B4",
"versionEndExcluding": "2.7.7",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "420F0F94-6271-46B6-A764-F80734025924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*",
"matchCriteriaId": "4FBFE40A-1CFD-421F-9EB1-78A655CB4D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.11:-:*:*:*:*:*:*",
"matchCriteriaId": "4CDCA5CA-153F-4092-B762-BBD918325450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.11:build1:*:*:*:*:*:*",
"matchCriteriaId": "D482EEB5-065A-4AFD-A2B0-3F8BB1AAED70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4E64022C-0775-4DD2-9B57-490EE4E5147C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*",
"matchCriteriaId": "09B3C47B-8C39-454E-9604-61EFF6F271E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*",
"matchCriteriaId": "84D6B098-CDA0-489A-A0F2-9E30398ACFCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.10:*:*:*:*:*:*",
"matchCriteriaId": "0B934792-848D-487D-8EA2-7091CC2FC110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.11:*:*:*:*:*:*",
"matchCriteriaId": "22F599D3-8906-43B2-B16E-2AAAD6BCDE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*",
"matchCriteriaId": "DC1A8478-5D50-4574-8ED5-D4DC1617128C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*",
"matchCriteriaId": "02ED67EF-AD26-44D9-966E-7F2EFACA98FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*",
"matchCriteriaId": "8EF37D60-DF9C-494D-9E99-CAF2688D2709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*",
"matchCriteriaId": "DF4CF123-0348-4DBA-87AC-8C02CB6C560A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.7:*:*:*:*:*:*",
"matchCriteriaId": "82037D48-4939-4B04-9206-4E34ECC7D967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.8:*:*:*:*:*:*",
"matchCriteriaId": "A70FB1AF-A3B1-4281-8876-6E02F9AC5EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.9:*:*:*:*:*:*",
"matchCriteriaId": "2F7DA069-24F5-49B8-AD16-6F7DDA10EACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta2ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "4BED2C39-63CE-48C2-BF11-68A197523B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "2C4FF975-FC40-4275-BD3A-68F49B576383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "D49FB11C-9ED0-4BC6-9925-AA19EC365670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta4ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "ADF13189-C777-41C4-BC2E-FDFD242CCB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "7EA6F019-7192-4744-B9B6-BC519C1CF89B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta5ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "E7BB1942-5C63-47DB-B7FB-8F2E44C3D72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.6:-:*:*:*:*:*:*",
"matchCriteriaId": "50542436-1065-43B8-B363-6FE2F71E930D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "59D878E2-3B14-4681-84C9-C37D97A71015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:\\+22.10:*:*:*:*:*:*",
"matchCriteriaId": "26BD769D-4CD3-436B-8FAB-CE24EDA894DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "973BA769-71AB-430E-B44D-766AE3BFF57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "3A80FF30-09E7-4F3B-B2B8-23AFD001392D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu2:*:*:*:*:*:*",
"matchCriteriaId": "E035B516-1438-4C40-B707-6C36DF328C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu3:*:*:*:*:*:*",
"matchCriteriaId": "31C048CB-97CF-4288-A932-1505C801C589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.4.0:ubuntu4:*:*:*:*:*:*",
"matchCriteriaId": "25A95C99-25DF-4921-8B35-46AE3CE1B55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:-:*:*:*:*:*:*",
"matchCriteriaId": "6C170D60-1E62-4C00-BC13-B2126DF0ACB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:build1:*:*:*:*:*:*",
"matchCriteriaId": "F8F47B17-9A14-42DF-891E-FBA4E8BD9C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "0B5A8EFB-D5AF-4323-A690-6C5E9B79EDE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu2:*:*:*:*:*:*",
"matchCriteriaId": "448D39D6-35C2-4946-AC13-57C17A4A9E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu3:*:*:*:*:*:*",
"matchCriteriaId": "97C25031-1A54-4080-A05E-AD262CFFFF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu4:*:*:*:*:*:*",
"matchCriteriaId": "CC8B971D-2D1C-4C90-A8F8-F32037573302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:2.7.7:ubuntu5:*:*:*:*:*:*",
"matchCriteriaId": "230009BC-97C9-4E78-A6C5-B4E5241F9EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:3.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "42FBA584-2F46-4D59-B233-5579A81CC833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ubuntu:python-apt:3.0.0:ubuntu1:*:*:*:*:*:*",
"matchCriteriaId": "D79E706D-D025-438B-979A-921274DC9285",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key."
}
],
"id": "CVE-2025-6966",
"lastModified": "2026-01-07T22:20:56.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2025-12-05T13:16:05.220",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…