CVE-2013-7176 — Improper Input Validation in Fail2ban

CWE-20 — Improper Input Validation9 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fail2ban Debian Fail2ban

Timeline

PublishedFeb 1

Latest updateMay 17

Description

config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fail2ban< fail2ban 0.8.11-1 (bookworm)

▶Debianfail2ban/fail2ban< 0.8.11-1+3

▶NVDfail2ban/fail2ban0.8.10+36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3p6-cwjh-4h46: config/filter↗2022-05-17

▶

OSV

CVE-2013-7176: config/filter↗2014-02-01

▶

📋Vendor Advisories

Debian

CVE-2013-7176: fail2ban - config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 all...↗2013

▶

💬Community

Bugzilla

CVE-2013-7176 fail2ban: remote denial of service in postfix filter [epel-5]↗2014-01-31

▶

Bugzilla

CVE-2013-7176 fail2ban: remote denial of service in postfix filter↗2014-01-31

▶

Bugzilla

CVE-2013-6476 cups-filters: pdftoopvp could load drivers from an attacker-controlled directory↗2013-11-07

▶

Bugzilla

CVE-2013-6474 cups-filters: heap-based buffer overflow flaw in pdftoopvp↗2013-11-07

▶

Bugzilla

CVE-2013-6475 cups-filters: possible heap-based buffer overflows due to the use of gmalloc↗2013-11-07

▶