OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass) : netsec

/u/Bilbo_Fraggins on OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)


Yes and no. The vuln lets you make thousands of authentication requests per connection, limited only by the "login grace time" setting, which is 2 minutes by default.

fail2ban will limit you to a small number of connections, but there can still be a large number of auth attempts with this bug.

The good news is a setting of "ChallengeResponseAuthentication no" protects against this, and that seems to be the default in my install at least.
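A small sshd_config audit for the two settings discussed in the comment above, added here as an example (it is not from the thread or from OpenSSH itself). It assumes OpenSSH's upstream defaults (ChallengeResponseAuthentication yes, LoginGraceTime 120 seconds) and constructs its own sample config files; newer OpenSSH releases spell the option KbdInteractiveAuthentication, so both names are checked.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits an sshd_config for the
# keyboard-interactive setting and the login grace time. Assumed upstream
# defaults: ChallengeResponseAuthentication yes, LoginGraceTime 120.

# Print the effective global value of a keyword (or the given default).
# sshd matches keywords case-insensitively, the first occurrence wins,
# comments are ignored, and everything after the first "Match" line is
# conditional, so the scan stops there. $2 may list alternatives with '|'.
sshd_effective() {  # $1=config file  $2=keyword(s)  $3=default
    val=$(awk -v pat="^($(printf '%s' "$2" | tr 'A-Z' 'a-z'))$" '
        /^[[:space:]]*#/       { next }
        NF == 0                { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ pat      { print $2; exit }' "$1")
    printf '%s\n' "${val:-$3}"
}

# Succeed only if keyboard-interactive auth is off, which is what removes
# the per-connection retry loop the comment describes.
kbdint_disabled() {
    v=$(sshd_effective "$1" \
        'ChallengeResponseAuthentication|KbdInteractiveAuthentication' yes)
    [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" = "no" ]
}

# Print LoginGraceTime in seconds; sshd accepts suffixes such as 30s, 2m, 1h.
login_grace_seconds() {
    g=$(sshd_effective "$1" LoginGraceTime 120)
    n=${g%[smhSMH]}; u=${g#"$n"}
    case "$u" in
        m|M) echo $((n * 60)) ;;
        h|H) echo $((n * 3600)) ;;
        *)   echo "$n" ;;
    esac
}

# Constructed sample configs: one that leaves the default in place (the
# setting is only commented out) and one that actually disables it.
weak=$(mktemp); hard=$(mktemp)
printf '#ChallengeResponseAuthentication no\nLoginGraceTime 2m\n' > "$weak"
printf 'ChallengeResponseAuthentication no\nLoginGraceTime 30\n' > "$hard"
for f in "$weak" "$hard"; do
    if kbdint_disabled "$f"; then s=disabled; else s=ENABLED; fi
    echo "$f: keyboard-interactive $s, grace $(login_grace_seconds "$f")s"
done
rm -f "$weak" "$hard"
```

Run it against a live host with `sshd -T | grep -i -e kbdinteractive -e challengeresponse -e logingracetime` to compare the parsed values with what sshd itself reports as effective.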
