CVE-2025-6966
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-6966, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-05

Last updated on: 2025-12-15

Assigner: Canonical Ltd.

Description

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-05
Last Modified
2025-12-15
Generated
2026-07-06
AI Q&A
2025-12-05
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
python python-apt 2.4.0ubuntu4.1
python python-apt 2.2.1.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a NULL pointer dereference in the TagSection.keys() function of python-apt on APT-based Linux systems. It allows a local attacker to cause a denial of service (process crash) by using a crafted deb822 file that contains a malformed non-UTF-8 key.

Impact Analysis

The vulnerability can cause a denial of service by crashing the affected process when it processes a specially crafted deb822 file with a malformed non-UTF-8 key. This could disrupt normal operations on the affected system.

Compliance Impact

The vulnerability causes a denial-of-service (DoS) condition by crashing processes handling malformed deb822 files, specifically affecting upload processing in Launchpad. It primarily results in service disruption without broader security implications such as data breach or unauthorized access. Therefore, it does not directly impact compliance with common standards and regulations like GDPR or HIPAA, which focus on data protection and privacy rather than availability alone. [1]

Detection Guidance

This vulnerability can be detected by testing for crashes or segmentation faults in the process-upload script when processing deb822 files with malformed non-UTF-8 keys. A test case involves creating a TagSection with a malformed UTF-8 key (e.g., a key like b"T\xc3st: Value\n" with the continuation byte removed) and calling the .keys() method to see if it raises a UnicodeDecodeError or causes a crash. Monitoring logs for repeated crashes or segfaults of the process-upload script can also indicate the presence of this vulnerability. Specific commands are not provided, but reproducing the test case in a controlled environment or checking for the presence of the vulnerable python-apt version can help detect the issue. [1]

Mitigation Strategies

The immediate mitigation step is to update the python-apt package to version 2.4.0ubuntu4.1 or later, which includes the security fix adding NULL pointer checks to prevent the segmentation fault. Additionally, removing any malformed deb822 files causing the crash (such as problematic uploads in PPAs or archives) will unblock the process-upload script. Monitoring and restricting uploads to prevent malformed files can also help mitigate the issue until the patch is applied. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-6966. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart