CVE-2021-35331

Опубликовано: 05 июл. 2021

Источник: debian

EPSS Низкий

Описание

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
tcl8.6	unfixed			package

Примечания

https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
https://sqlite.org/forum/info/7dcd751996c93ec9
Various other sources would embedd a copy as well, but the security impact of
the issue tself for tcl is disputed in its significance.

EPSS

Процентиль: 52%

0.0029

Низкий

Связанные уязвимости

CVE-2021-35331

CVSS3: 7.8

ubuntu

больше 4 лет назад

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding

CVE-2021-35331

CVSS3: 7.8

nvd

больше 4 лет назад

In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding

SUSE-FU-2022:0868-1

suse-cvrf

почти 4 года назад

Feature update for tcl and tk

SUSE-FU-2022:0484-1

suse-cvrf

почти 4 года назад

Feature update for tcl and tk

GHSA-539q-24vg-qfm4

CVSS3: 7.8

github

больше 3 лет назад

** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding.

EPSS

Процентиль: 52%

0.0029

Низкий