Vulnerability Details CVE-2021-35331
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
- https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
- https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
- https://sqlite.org/forum/info/7dcd751996c93ec9
- https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
- https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
- https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
- https://sqlite.org/forum/info/7dcd751996c93ec9