Expired Pointer Dereference Affecting sssd-common package, versions *


Severity

Recommended
0.0
medium
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.16% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS6-SSSDCOMMON-17756705
  • published1 Jul 2026
  • disclosed9 Jun 2026

Introduced: 9 Jun 2026

NewCVE-2026-12610  (opens in a new tab)
CWE-825  (opens in a new tab)

How to fix?

There is no fixed version for Centos:6 sssd-common.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sssd-common package and not the sssd-common package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

CVSS Base Scores

version 3.1