Mailutils · CVE-2021-32749
**Name of the Vulnerable Software and Affected Versions**
fail2ban versions 0.9.7 and prior
fail2ban versions 0.10.0 through 0.10.6
fail2ban versions 0.11.0 through 0.11.2
**Description**
The issue stems from errors in the mail-whois action and can lead to remote code execution through that action. The `mail` command from the mailutils package, used by mail actions such as `mail-whois`, can execute commands if unescaped sequences (`\n~`, a newline followed by a tilde) appear in "foreign" input, for instance in whois output. To exploit the issue, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server.
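The following shell snippet is an added example, not fail2ban's action file or the project's fix. It shows the defensive principle behind the issue: untrusted text must never reach `mail` with a tilde in the first column. The filter assumes (as documented for mailx-style tilde escapes) that escapes are only honoured at the start of a line, so indenting such lines by one space neutralises them while keeping the record readable; the whois record is a constructed sample.

```shell
#!/bin/sh
# Added example, not part of fail2ban. Neutralises mailutils tilde escapes
# in untrusted text before it is piped into `mail`.
# Assumption: an escape is only recognised when "~" is the first character
# of a line, so prefixing such lines with a space defuses them.

# Escape-neutralising filter: reads stdin, writes stdout.
sanitize_for_mail() {
    sed -e 's/^~/ ~/'
}

# Count lines that `mail` would treat as escapes (useful for logging an
# alert when a whois server returns something unexpected). Prints 0 when
# nothing matches instead of failing.
count_escape_lines() {
    grep -c '^~' || true
}

# Constructed whois-like output with one injected tilde line (sample data).
SAMPLE_WHOIS='inetnum: 192.0.2.0 - 192.0.2.255
descr: example network (constructed sample)
~ injected line (constructed)
remarks: end of record'

# Run the raw sample through the filter; every line now starts with a
# non-tilde character.
demo() {
    printf '%s\n' "$SAMPLE_WHOIS" | sanitize_for_mail
}

# Report how many escape-looking lines the raw sample contained.
demo_count() {
    printf '%s\n' "$SAMPLE_WHOIS" | count_escape_lines
}
```

In an action definition the filter sits between the whois call and `mail`, e.g. `whois <ip> | sanitize_for_mail | mail ...`, so the mail body still shows the record but no line can start an escape.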
**Recommendations**
For versions 0.9.7 and prior, update to a version newer than 0.9.7 or patch the vulnerability manually.
For versions 0.10.0 through 0.10.6, update to version 0.10.7 or patch the vulnerability manually.
For versions 0.11.0 through 0.11.2, update to version 0.11.3 or patch the vulnerability manually.
As a temporary workaround, avoid using the `mail-whois` action until the issue is resolved.