CVE-2012-5642 [High] | Security Vulnerability in Fail2ban

server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	2.83%	1.64%	-1.18%
2	2025-03-29	1.64%	2.83%	+1.18%
3	2025-03-17	—	1.64%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

2.83%

1.64%

-1.18%

2025-03-29

1.64%

2.83%

+1.18%

2025-03-17

—

1.64%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

2.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

6.4

[email protected]

OS Trackers for CVE-2012-5642

vendor	priority	summary	link
`debian`	low	CVE-2012-5642 low priority: Debian including 1 source packages (fail2ban), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2012-5642
`ubuntu`	medium	CVE-2012-5642 medium priority: Ubuntu including 1 source packages (fail2ban), 9 status rows across 9 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, trusty, upstream): ignored 5, not-affected 2, released 2.	https://ubuntu.com/security/CVE-2012-5642

Affected software / configurations for CVE-2012-5642

Vendor	Product	Version	Raw CPE
fail2ban	fail2ban	<= 0.8.7.1	cpe:2.3:a:fail2ban:fail2ban::::::::
fail2ban	fail2ban	0.1.0	cpe:2.3:a:fail2ban:fail2ban:0.1.0:::::::*
fail2ban	fail2ban	0.1.1	cpe:2.3:a:fail2ban:fail2ban:0.1.1:::::::*
fail2ban	fail2ban	0.1.2	cpe:2.3:a:fail2ban:fail2ban:0.1.2:::::::*
fail2ban	fail2ban	0.3.0	cpe:2.3:a:fail2ban:fail2ban:0.3.0:::::::*
fail2ban	fail2ban	0.3.1	cpe:2.3:a:fail2ban:fail2ban:0.3.1:::::::*
fail2ban	fail2ban	0.4.0	cpe:2.3:a:fail2ban:fail2ban:0.4.0:::::::*
fail2ban	fail2ban	0.4.1	cpe:2.3:a:fail2ban:fail2ban:0.4.1:::::::*
fail2ban	fail2ban	0.5.0	cpe:2.3:a:fail2ban:fail2ban:0.5.0:::::::*
fail2ban	fail2ban	0.5.1	cpe:2.3:a:fail2ban:fail2ban:0.5.1:::::::*
fail2ban	fail2ban	0.5.2	cpe:2.3:a:fail2ban:fail2ban:0.5.2:::::::*
fail2ban	fail2ban	0.5.3	cpe:2.3:a:fail2ban:fail2ban:0.5.3:::::::*
fail2ban	fail2ban	0.5.4	cpe:2.3:a:fail2ban:fail2ban:0.5.4:::::::*
fail2ban	fail2ban	0.5.5	cpe:2.3:a:fail2ban:fail2ban:0.5.5:::::::*
fail2ban	fail2ban	0.6.0	cpe:2.3:a:fail2ban:fail2ban:0.6.0:::::::*
fail2ban	fail2ban	0.6.1	cpe:2.3:a:fail2ban:fail2ban:0.6.1:::::::*
fail2ban	fail2ban	0.7.0	cpe:2.3:a:fail2ban:fail2ban:0.7.0:::::::*
fail2ban	fail2ban	0.7.1	cpe:2.3:a:fail2ban:fail2ban:0.7.1:::::::*
fail2ban	fail2ban	0.7.2	cpe:2.3:a:fail2ban:fail2ban:0.7.2:::::::*
fail2ban	fail2ban	0.7.3	cpe:2.3:a:fail2ban:fail2ban:0.7.3:::::::*
fail2ban	fail2ban	0.7.4	cpe:2.3:a:fail2ban:fail2ban:0.7.4:::::::*
fail2ban	fail2ban	0.7.5	cpe:2.3:a:fail2ban:fail2ban:0.7.5:::::::*
fail2ban	fail2ban	0.7.6	cpe:2.3:a:fail2ban:fail2ban:0.7.6:::::::*
fail2ban	fail2ban	0.7.7	cpe:2.3:a:fail2ban:fail2ban:0.7.7:::::::*
fail2ban	fail2ban	0.7.8	cpe:2.3:a:fail2ban:fail2ban:0.7.8:::::::*
fail2ban	fail2ban	0.7.9	cpe:2.3:a:fail2ban:fail2ban:0.7.9:::::::*
fail2ban	fail2ban	0.8.0	cpe:2.3:a:fail2ban:fail2ban:0.8.0:::::::*
fail2ban	fail2ban	0.8.1	cpe:2.3:a:fail2ban:fail2ban:0.8.1:::::::*
fail2ban	fail2ban	0.8.2	cpe:2.3:a:fail2ban:fail2ban:0.8.2:::::::*
fail2ban	fail2ban	0.8.3	cpe:2.3:a:fail2ban:fail2ban:0.8.3:::::::*
fail2ban	fail2ban	0.8.4	cpe:2.3:a:fail2ban:fail2ban:0.8.4:::::::*
fail2ban	fail2ban	0.8.5	cpe:2.3:a:fail2ban:fail2ban:0.8.5:::::::*
fail2ban	fail2ban	0.8.6	cpe:2.3:a:fail2ban:fail2ban:0.8.6:::::::*
fail2ban	fail2ban	0.8.7	cpe:2.3:a:fail2ban:fail2ban:0.8.7:::::::*

References for CVE-2012-5642

URL	Tags
http://lists.opensuse.org/opensuse-updates/2013-04/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-04/msg00002.html
http://sourceforge.net/mailarchive/message.php?msg_id=30193056
http://www.mandriva.com/security/advisories?name=MDVSA-2013:078
http://www.openwall.com/lists/oss-security/2012/12/17/2
https://bugs.gentoo.org/show_bug.cgi?id=447572
https://bugzilla.redhat.com/show_bug.cgi?id=887914
https://github.com/fail2ban/fail2ban/commit/83109bc	Patch Vendor Advisory
https://raw.github.com/fail2ban/fail2ban/master/ChangeLog

URL

CVE-2012-5642

Exploit prediction scoring system (EPSS) score for CVE-2012-5642

Common vulnerability scoring system (CVSS) metrics for CVE-2012-5642

Weakness enumeration for CVE-2012-5642

OS Trackers for CVE-2012-5642

Affected software / configurations for CVE-2012-5642

References for CVE-2012-5642