CVE-2025-36463
BaseFortify
Publication date: 2025-11-17
Last updated on: 2025-11-18
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dell | controlvault3 | * |
| dell | controlvault3_plus | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves multiple out-of-bounds read and write issues in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 and Dell ControlVault3 Plus before certain versions. It occurs when a specially crafted WinBioControlUnit API call is made with specific parameters, leading to memory corruption. The exploitation requires specific conditions and may be difficult, potentially limiting the impact to Denial of Service attacks.
How can this vulnerability impact me? :
The vulnerability can lead to memory corruption, which may allow an attacker to cause Denial of Service (DoS) conditions. Given the constraints on exploitation, the impact might be limited, but it still poses risks of system instability or crashes.