CVE-2025-36462
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-18
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple out-of-bounds read and write issues in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 and Dell ControlVault3 Plus. It occurs when a specially crafted WinBioControlUnit call is made with specific parameters, causing memory corruption by writing up to three null-bytes past the end of a buffer.
How can this vulnerability impact me? :
An attacker with limited privileges can exploit this vulnerability by issuing a crafted API call, potentially causing memory corruption. This can lead to high impact consequences including confidentiality, integrity, and availability being compromised on affected systems.