The (1) sssautofscmdgetautomntent and (2) sssautofscmdgetautomntbyname function in responder/autofs/autofssrvcmd.c and the (3) sshcmdparserequest function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4 allow remote attackers to cause a denial of service (out-of-bounds read, crash, and restart) via a crafted SSSD packet.