CVE-2025-6966

Medium CVSS: 6.9

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Vendor

Ubuntu

Product

Python-apt

CWE

CWE-476

Yayın Tarihi

2025-12-05 13:16:05

Güncelleme

2026-01-07 22:20:56

Source Identifier

security@ubuntu.com

KEV Date Added

Kategoriler

CWE-476 Python-apt MEDIUM Ubuntu 2025

Referanslar

https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865 https://lists.debian.org/debian-lts-announce/2025/12/msg00019.html