vulnerability

FreeBSD: VID-c848059a-318b-11ec-aa15-0800270512f4 (CVE-2021-32749): fail2ban -- possible RCE vulnerability in mailing action using mailutils

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 28, 2021	Nov 4, 2022	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 28, 2021

Added

Nov 4, 2022

Modified

Dec 10, 2025

Description

Jakub Żoczek reports: Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences (\n~) are available in "foreign" input (for instance in whois output).

Solutions

freebsd-upgrade-package-py36-fail2banfreebsd-upgrade-package-py37-fail2banfreebsd-upgrade-package-py38-fail2banfreebsd-upgrade-package-py39-fail2banfreebsd-upgrade-package-py310-fail2ban

References

CVE-2021-32749
https://attackerkb.com/topics/CVE-2021-32749
CWE-78
CWE-94

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today