CVE-2021-35331 log

Source
Severity Low
Remote Yes
Type Arbitrary code execution
Description
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding.
Group Package Affected Fixed Severity Status Ticket
AVG-2135 tcl 8.6.11-1 Low Vulnerable
References
https://sqlite.org/forum/info/7dcd751996c93ec9
https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280c25b3bfe3e5830e9e2481f91
https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2defd50daf1ce359a95b4b9dac6e378b46b0ec34cefdf857f
https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222