CVE-2021-35331

Name
CVE-2021-35331
Description
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
MISC https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
MISC https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
MISC https://sqlite.org/forum/info/7dcd751996c93ec9

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:tcl:tcl:8.6.11:*:*:*:*:*:*:* tcl == None == 8.6.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
tcl edge-main 8.6.11-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
tcl 3.15-main 8.6.11-r0 Carlo Landmeter <clandmeter@alpinelinux.org> possibly vulnerable