PT-2025-25450 · Dell · Dell Controlvault3 Plus +1

Philippe Laulheret · Published 2025-06-13 · Updated 2025-08-08 · CVE-2025-25215

CVSS v3.1: 8.8

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Dell ControlVault3 versions prior to 5.15.10.14

Dell ControlVault3 Plus versions prior to 6.2.26.36

**Description:**

An arbitrary free vulnerability exists in the `cv close` functionality of Dell ControlVault3 and Dell ControlVault3 Plus. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability. The vulnerability involves releasing an incorrect pointer, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

**Recommendations:**

Dell ControlVault3 versions prior to 5.15.10.14: Update to version 5.15.10.14 or later.

Dell ControlVault3 Plus versions prior to 6.2.26.36: Update to version 6.2.26.36 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

BDU:2025-07625
CVE-2025-25215

Affected Products

Dell Controlvault3
Dell Controlvault3 Plus