Remote Code Execution

2021-07-1900:16:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.018 Low

EPSS

Percentile

88.2%

JSON

fail2ban is vulnerable to remote code execution. The mailing action mail-whois command mail from mailutils package used in mail actions like mail-whois can execute command allows an attacker to execute arbitrary commands due to unescaped sequences \n~ in foreign input.

CPENameOperatorVersion
fail2ban:sideq0.11.2-1
fail2ban:bullseyeeq0.11.1-2
fail2ban:bullseyeeq0.11.2-1
fail2ban:sideq0.11.2-1
fail2ban:bullseyeeq0.11.1-2
fail2ban:bullseyeeq0.11.2-1
fail2ban:edgeeq0.11.1-r4
fail2ban:edgeeq0.11.1-r0
fail2ban:edgeeq0.11.2-r0
fail2ban:edgeeq0.11.1-r1

Name	Operator	Version
fail2ban:sid	eq	0.11.2-1
fail2ban:bullseye	eq	0.11.1-2
fail2ban:bullseye	eq	0.11.2-1
fail2ban:sid	eq	0.11.2-1
fail2ban:bullseye	eq	0.11.1-2
fail2ban:bullseye	eq	0.11.2-1
fail2ban:edge	eq	0.11.1-r4
fail2ban:edge	eq	0.11.1-r0
fail2ban:edge	eq	0.11.2-r0
fail2ban:edge	eq	0.11.1-r1