CVE-2025-36461
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-18
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple out-of-bounds read and write issues in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 and Dell ControlVault3 Plus. Specifically, when a specially crafted WinBioControlUnit API call is made with certain parameters (ControlCode 0 and specific buffer sizes), it can cause memory corruption by writing up to 3 bytes out-of-bounds and reading up to 75 bytes out-of-bounds.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption, which may allow an attacker with limited privileges to execute arbitrary code, cause denial of service, or compromise the confidentiality, integrity, and availability of the affected system.