CVE-2021-35331

Published: Jul 5, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding

Affected (1)

Products: Tcl: Tcl

Tcl

1 product

Tcl

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tcl Tcl	Version 8.6.11

Related CWEs

CWE-134

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (8)

https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2

Source: cve@mitre.org

ExploitPatchVendor Advisory

https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280

Source: cve@mitre.org

ExploitVendor Advisory

https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222

Source: cve@mitre.org

PatchThird Party Advisory

https://sqlite.org/forum/info/7dcd751996c93ec9

Source: cve@mitre.org

ExploitThird Party Advisory

https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://sqlite.org/forum/info/7dcd751996c93ec9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.