CVE-2013-7177 — Improper Input Validation in Fail2ban

CWE-20 — Improper Input Validation6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fail2ban Debian Fail2ban

Timeline

PublishedFeb 1

Latest updateMay 17

Description

config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/fail2ban< fail2ban 0.8.11-1 (bookworm)

▶Debianfail2ban/fail2ban< 0.8.11-1+3

▶NVDfail2ban/fail2ban0.8.10+36

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9rh6-j3cg-gfgj: config/filter↗2022-05-17

▶

OSV

CVE-2013-7177: config/filter↗2014-02-01

▶

📋Vendor Advisories

Debian

CVE-2013-7177: fail2ban - config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8....↗2013

▶

💬Community

Bugzilla

CVE-2013-7177 fail2ban: remote denial of service in cyrus-imap filter↗2014-01-31

▶

Bugzilla

CVE-2013-7177 fail2ban: remote denial of service in cyrus-imap filter [epel-5]↗2014-01-31

▶