CVEFinder.io

CVE-2025-6966

🔶 medium
Summary

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-12-05
First Seen: 2026-01-05
Last Modified 2026-01-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Vector 4.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-476

🔗 References 2

https://bugs.launchpad.net/ubuntu/+source/python-apt...
Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/12...
Mailing List Third Party Advisory

📦 Affected Products 13

Vendor Product Status Affected Versions
debian debian_linux Affected
v11.0
ubuntu python-apt Affected
< 0.9.3.11
ubuntu python-apt Affected
≥ 1.6.0 < 1.6.6
ubuntu python-apt Affected
≥ 2.0.0 < 2.0.1
ubuntu python-apt Affected
≥ 2.7.0 < 2.7.7
ubuntu python-apt Affected
v0.9.3.11
ubuntu python-apt Affected
v0.9.3.5
ubuntu python-apt Affected
v1.1.0
ubuntu python-apt Affected
v1.6.6
ubuntu python-apt Affected
v2.0.1
ubuntu python-apt Affected
v2.4.0
ubuntu python-apt Affected
v2.7.7
ubuntu python-apt Affected
v3.0.0

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-68670 ⛔ critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
CVE-2026-24061 ⛔ critical 9.8 29.6 telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... 2026-01-21
CVE-2025-63498 🔶 medium 6.1 0.1 alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. 2025-11-24
CVE-2025-64512 ⚠️ high 8.6 0.1 Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documen... 2025-11-10
CVE-2025-10921 ⚠️ high 7.8 0.1 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
CVE-2025-10922 ⚠️ high 7.8 0.1 GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
These CVEs affect the same products