CVE-2025-6966

NameCVE-2025-6966
DescriptionNULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4408-1
Debian Bugs1122291

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-apt (PTS)bullseye2.2.1vulnerable
bullseye (security)2.2.1.1fixed
bookworm2.6.0vulnerable
trixie3.0.0vulnerable
forky, sid3.1.0fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-aptsourcebullseye2.2.1.1DLA-4408-1
python-aptsource(unstable)3.1.01122291

Notes

[trixie] - python-apt <no-dsa> (Minor issue)
[bookworm] - python-apt <no-dsa> (Minor issue)
https://bugs.launchpad.net/ubuntu/+source/python-apt/+bug/2091865
https://launchpadlibrarian.net/764050984/0001-Fix-invalid-nullptr-dereference-in-TagSection.keys.patch
Search for package or bug name: Reporting problems