CVE-2021-32075

9.8 CRITICAL

📋 TL;DR

CVE-2021-32075 is an insecure deserialization vulnerability in the Re-Logic Terraria game client that allows remote code execution. Attackers can exploit it by sending maliciously crafted data to vulnerable clients, potentially taking full control of affected systems. All Terraria players using vulnerable versions are affected.

💻 Affected Systems

Products:
  • Re-Logic Terraria
Versions: All versions before 1.4.2.3
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All multiplayer configurations are vulnerable. Single-player mode may still be vulnerable if the game receives malicious data from other sources.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control over the victim's computer, allowing data theft, ransomware deployment, or use as a botnet node.

🟠 Likely Case: Remote code execution leading to malware installation, credential theft, or system disruption for gaming sessions.

🟢 If Mitigated: Limited impact if network controls prevent malicious connections, but still vulnerable to attacks from within trusted networks.

🌐 Internet-Facing: HIGH - Game clients connect to multiplayer servers and can receive malicious data from untrusted sources.
🏢 Internal Only: MEDIUM - Risk exists within LAN gaming environments where malicious players could exploit the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious data to a vulnerable client, which can be done through multiplayer connections or crafted game data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.2.3

Vendor Advisory: https://store.steampowered.com/news/app/105600/view/3062989030626131236

Restart Required: Yes

Instructions:

1. Open Steam client.
2. Navigate to Terraria in your library.
3. Ensure automatic updates are enabled or manually check for updates.
4. Install Terraria version 1.4.2.3 or later.
5. Restart the game.

🔧 Temporary Workarounds

Disable Multiplayer

all

Prevent exploitation by disabling multiplayer connections

Not applicable - configure in game settings

Network Segmentation

all

Restrict Terraria traffic to trusted networks only

Configure the firewall to block Terraria ports (default 7777) from untrusted networks

🧯 If You Can't Patch

  • Disable multiplayer functionality completely
  • Use network-level controls to restrict Terraria traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check the Terraria version in the game main menu or Steam library. If the version is below 1.4.2.3, the system is vulnerable.

Check Version:

In Terraria: Check version on main menu. In Steam: Right-click Terraria → Properties → Updates → check version.

Verify Fix Applied:

Confirm Terraria version is 1.4.2.3 or higher in game main menu or Steam properties.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Terraria executable
  • Network connections to suspicious IPs on Terraria ports

Network Indicators:

  • Unusual traffic patterns on Terraria default port 7777
  • Malformed packet data to Terraria clients

SIEM Query:

Process Creation where ParentImage contains 'terraria.exe' AND NOT (CommandLine contains expected game parameters)
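
The parent-process check from the SIEM query, as an added example that is not part of the original advisory: it runs over constructed process-creation events with Sysmon-style field names. It matches the parent by exact, case-insensitive file name rather than "contains", and since the page does not list the expected game parameters it uses a hypothetical allowlist of child image names instead.

```python
import ntpath

# From the page's query: the game executable name to match as parent.
GAME_IMAGES = {"terraria.exe"}
# Assumption: hypothetical allowlist of children you expect in your environment.
EXPECTED_CHILDREN = {"terraria.exe", "werfault.exe"}

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Games\Terraria\Terraria.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Games\Terraria\Terraria.exe", "CommandLine": "Terraria.exe"},
    {"ParentImage": r"c:\games\terraria\TERRARIA.EXE",
     "Image": r"C:\Windows\System32\WerFault.exe", "CommandLine": "WerFault.exe -u"},
    # A "contains" match would fire on this parent path; an exact name match does not.
    {"ParentImage": r"C:\Temp\terraria.exe.bak\updater.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"ParentImage": "C:/Games/Terraria/Terraria.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop"},
]


def image_name(path):
    """Lower-cased file name of a Windows path; accepts both slash styles."""
    return ntpath.basename(path or "").lower()


def suspicious_children(events):
    """Return events where the game spawned a child that is not allowlisted."""
    hits = []
    for ev in events:
        if image_name(ev.get("ParentImage")) not in GAME_IMAGES:
            continue  # parent is not the game process
        if image_name(ev.get("Image")) in EXPECTED_CHILDREN:
            continue  # expected child for this environment
        hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in suspicious_children(SAMPLE_EVENTS):
        print("ALERT:", ev["ParentImage"], "->", ev["Image"], "|", ev["CommandLine"])
```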
