Home

Description

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

PUBLISHED Reserved 2025-07-01 | Published 2025-12-05 | Updated 2025-12-05 | Assigner canonical




MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status
unaffected

Any version
affected

Credits

Julian Andres Klode finder

References

bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865

cve.org (CVE-2025-6966)

nvd.nist.gov (CVE-2025-6966)