CVE-2025-6966
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-05

Last updated on: 2025-12-15

Assigner: Canonical Ltd.

Description
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-05
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-6966
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
python python-apt 2.4.0ubuntu4.1
python python-apt 2.2.1.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the TagSection.keys() function of python-apt on APT-based Linux systems. It allows a local attacker to cause a denial of service (process crash) by using a crafted deb822 file that contains a malformed non-UTF-8 key.

Impact Analysis

The vulnerability can cause a denial of service by crashing the affected process when it processes a specially crafted deb822 file with a malformed non-UTF-8 key. This could disrupt normal operations on the affected system.

Compliance Impact

The vulnerability causes a denial-of-service (DoS) condition by crashing processes handling malformed deb822 files, specifically affecting upload processing in Launchpad. It primarily results in service disruption without broader security implications such as data breach or unauthorized access. Therefore, it does not directly impact compliance with common standards and regulations like GDPR or HIPAA, which focus on data protection and privacy rather than availability alone. [1]

Detection Guidance

This vulnerability can be detected by testing for crashes or segmentation faults in the process-upload script when processing deb822 files with malformed non-UTF-8 keys. A test case involves creating a TagSection with a malformed UTF-8 key (e.g., a key like b"T\xc3st: Value\n" with the continuation byte removed) and calling the .keys() method to see if it raises a UnicodeDecodeError or causes a crash. Monitoring logs for repeated crashes or segfaults of the process-upload script can also indicate the presence of this vulnerability. Specific commands are not provided, but reproducing the test case in a controlled environment or checking for the presence of the vulnerable python-apt version can help detect the issue. [1]

Mitigation Strategies

The immediate mitigation step is to update the python-apt package to version 2.4.0ubuntu4.1 or later, which includes the security fix adding NULL pointer checks to prevent the segmentation fault. Additionally, removing any malformed deb822 files causing the crash (such as problematic uploads in PPAs or archives) will unblock the process-upload script. Monitoring and restricting uploads to prevent malformed files can also help mitigate the issue until the patch is applied. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6966. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart