A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
The error classified as CWE-123 (Write-What-Where Condition) consists of the lack of proper input data validation, which allows the attacker to control both the value written to memory and the target write address. The attacker sends a crafted network packet that triggers this memory write path in the process. With full control over the written data and its location, it is possible to overwrite critical memory structures and redirect code execution to the attacker's payload.
An unauthenticated attacker remotely gains the ability to execute arbitrary code in the context of the application process, which in practice means complete system takeover. Confidentiality, integrity, and availability of data and services are at risk.
Patches available from the vendor should be applied according to references. It is recommended to monitor the project repository at https://github.com/p2r3/bareiron and immediately update to a version containing the fix beyond commit 8e4d40. Until the fix is implemented, consider restricting network access to the service only to trusted IP addresses.
P2R3 Bareiron, commit 8e4d40
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HP2r3 Bareiron
APPP2R32025-09-16
Related vulnerabilities
OOB Memory Access w P2R3 Bareiron β ujawnienie danych i DoS bez uwierzytelnienia
p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers ...
p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attacker...