GHSA-f953-7679-xc38MediumCVSS 6.4
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash...
🔗 CVE IDs covered (1)
📋 Description
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.