Description
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/686662
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2979
Exploit, Patch x_refsource_confirm
https://github.com/fail2ban/fail2ban/commit/eb2f0c927257120dfc32d2450fd63f1962f38821
Scores
EPSS
0.0323
EPSS Percentile
86.8%
Details
CWE
CWE-20
Status
published
Products (37)
fail2ban/fail2ban
0.1.0
fail2ban/fail2ban
0.1.1
fail2ban/fail2ban
0.1.2
fail2ban/fail2ban
0.3.0
fail2ban/fail2ban
0.3.1
fail2ban/fail2ban
0.4.0
fail2ban/fail2ban
0.4.1
fail2ban/fail2ban
0.5.0
fail2ban/fail2ban
0.5.1
fail2ban/fail2ban
0.5.2
... and 27 more
Published
Feb 01, 2014
Tracked Since
Feb 18, 2026