Description
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
Published: 2026-03-16
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

A write‑what‑where condition in version of the p2r3 Bareiron project identified by commit 8e4d40 allows an attacker to overwrite arbitrary memory locations. The vulnerability is exploitable without authentication by sending a crafted network packet, leading to arbitrary code execution within the process that runs Bareiron. The weakness maps to CWE‑123 and is classified with a CVSS base score of 9.8, indicating critical severity.

Affected Systems

The flaw is present in the Bareiron component at commit 8e4d40. No specific product version is documented in the CVE entry, but the module is typically employed in custom networking or IoT deployments. Vendor information is not supplied, and the affected code is part of an open‑source project.

Risk and Exploitability

The high CVSS score (9.8) signals a severe risk. EPSS data is not available and the vulnerability is not yet listed in the CISA KEV catalog. Exploitation requires an unauthenticated attacker to transmit a malformed packet; successful exploitation would allow the attacker to write arbitrary values to memory, giving them control over the process and potentially compromising confidentiality, integrity, and availability of the host system.

Generated by OpenCVE AI on March 16, 2026 at 23:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Bareiron to a release that includes the fix for the write‑what‑where condition in commit 8e4d40 or apply the patch manually if available.
  • If a patched version cannot be deployed immediately, restrict network traffic to the Bareiron service to trusted networks only and implement firewall or packet‑filtering rules that block anomalous packets.
  • Monitor the instance for signs of exploitation using host‑based intrusion detection or logs, and isolate affected systems if suspicious activity is observed.
  • Keep an eye on the project's repository and security advisories; when a fixed release is published, deploy it promptly to eliminate the vulnerability.

Generated by OpenCVE AI on March 16, 2026 at 23:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Write‑What‑Where in p2r3 Bareiron Enables Arbitrary Code Execution

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared P2r3
P2r3 bareiron
Vendors & Products P2r3
P2r3 bareiron

Mon, 16 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-123
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
References

Subscriptions

P2r3 Bareiron
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-16T19:32:16.530Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69809

cve-icon Vulnrichment

Updated: 2026-03-16T19:31:45.531Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-16T19:16:14.960

Modified: 2026-03-17T14:20:01.670

Link: CVE-2025-69809

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:00:58Z

Weaknesses