CVE-2021-32568

7.8 HIGH

📋 TL;DR

CVE-2021-32568 is a deserialization vulnerability in mrdoc documentation software that allows attackers to execute arbitrary code by sending malicious serialized data. This affects all mrdoc instances running vulnerable versions, potentially compromising the entire server. Users running mrdoc for documentation management are at risk.

💻 Affected Systems

Products:
  • mrdoc
Versions: Prior to commit bb49e1287700b4e7681eab544c61093821ce72f6
Operating Systems: All platforms running mrdoc
Default Config Vulnerable: ⚠️ Yes
Notes: All mrdoc deployments using default configuration are vulnerable. The vulnerability exists in the deserialization mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Server compromise allowing attacker to access sensitive documentation, user data, and potentially pivot to other systems.

🟢 If Mitigated

Limited impact with proper network segmentation and minimal privileges, potentially only affecting the mrdoc application.

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication in default configuration.
🏢 Internal Only: HIGH - Still exploitable by internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available through the huntr.dev bounty program. The vulnerability requires sending crafted serialized data to vulnerable endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit bb49e1287700b4e7681eab544c61093821ce72f6 and later

Vendor Advisory: https://github.com/zmister2016/mrdoc/commit/bb49e1287700b4e7681eab544c61093821ce72f6

Restart Required: Yes

Instructions:

1. Update mrdoc to latest version or apply commit bb49e1287700b4e7681eab544c61093821ce72f6.
2. Restart the mrdoc service.
3. Verify the fix by checking version.

🔧 Temporary Workarounds

Network Isolation

Platform: linux

Restrict network access to mrdoc instance to trusted IPs only

iptables -A INPUT -p tcp --dport [mrdoc_port] -s [trusted_ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [mrdoc_port] -j DROP

Web Application Firewall

Platform: all

Deploy WAF rules to block deserialization attacks

🧯 If You Can't Patch

  • Isolate mrdoc instance in separate network segment with strict firewall rules
  • Implement application-level input validation and monitoring for deserialization attempts

🔍 How to Verify

Check if Vulnerable:

Check if mrdoc version is prior to commit bb49e1287700b4e7681eab544c61093821ce72f6 by examining git history or version files.

Check Version:

git log --format=%H | grep bb49e1287700b4e7681eab544c61093821ce72f6

Verify Fix Applied:

Verify the commit bb49e1287700b4e7681eab544c61093821ce72f6 is present in your installation and test with known exploit payloads.
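
A more defensive form of the version check, as an added example that is not part of the original advisory or the mrdoc project. The function name mrdoc_fix_state and its three output words are assumptions made here; it reports "unknown" instead of guessing when the directory is not a git checkout or is a shallow clone that lacks the fix commit's object.

```shell
#!/bin/sh
# Added example: report whether a mrdoc checkout contains the fix commit.
# The hash is the one given in the advisory; everything else is illustrative.
FIX_COMMIT="bb49e1287700b4e7681eab544c61093821ce72f6"

# mrdoc_fix_state <checkout_dir> [commit]
# Prints exactly one of: patched | vulnerable | unknown
mrdoc_fix_state() {
    dir="$1"
    commit="${2:-$FIX_COMMIT}"

    # Tarball install, wrong path, or no git binary: history cannot be read.
    if ! git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo unknown
        return 0
    fi

    # Is the commit object present in the local object store at all?
    if ! git -C "$dir" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        # A shallow clone truncates history, so absence proves nothing.
        if [ "$(git -C "$dir" rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
            echo unknown
        else
            # Full history is present and does not contain the fix.
            echo vulnerable
        fi
        return 0
    fi

    # The fix counts only if it is reachable from the deployed HEAD,
    # not merely fetched into some other branch.
    if git -C "$dir" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        echo patched
    else
        echo vulnerable
    fi
}

# Stand-alone use: sh check.sh /path/to/mrdoc
[ "$#" -eq 0 ] || mrdoc_fix_state "$@"
```

A fix that was cherry-picked or backported carries a different hash and will be reported as vulnerable, so confirm such installations by inspecting the patched code directly.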

📡 Detection & Monitoring

Log Indicators:

  • Unusual serialization errors
  • Unexpected process execution from mrdoc context
  • Large or malformed HTTP requests to mrdoc endpoints

Network Indicators:

  • HTTP requests containing serialized objects to mrdoc API endpoints
  • Outbound connections from mrdoc server to unexpected destinations

SIEM Query:

source="mrdoc.log" AND ("deserialization" OR "pickle" OR "serialize")
