CVE-2021-35331
Vulnerability from cvelistv5
Published
2021-07-05 14:59
Modified
2024-08-04 00:33
Summary
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 | Exploit, Patch, Vendor Advisory
cve@mitre.org | https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 | Exploit, Vendor Advisory
cve@mitre.org | https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 | Patch, Third Party Advisory
cve@mitre.org | https://sqlite.org/forum/info/7dcd751996c93ec9 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://sqlite.org/forum/info/7dcd751996c93ec9 | Exploit, Third Party Advisory
suse-fu-2022:0484-1
Vulnerability from csaf_suse
Published
2022-02-18 03:29
Modified
2022-02-18 03:29
Summary
Feature update for tcl and tk
Notes
Title of the patch
Feature update for tcl and tk
Description of the patch
This feature update for tcl and tk fixes the following issues:
Update tcl and tk to version 8.6.12 (jsc#SLE-21015, jsc#SLE-23283):
- Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662)
- Use FAT LTO objects in order to provide proper static library (bsc#1138797)
- Fix tcl build issues on s390 architecture (bnc#1085480)
- Fix tcl build issues caused by deprecated libieee in tcl configs (bsc#1179615, bsc#1181840)
- Whitelist PowerPC tests that are not needed (bsc#1072657)
- Add [combobox current] support 'end' index
- Add fixes in [text] bindings
- Add missing 'deferred clear code' support to GIF photo images
- Add new virtual event <<TkWorldChanged>>
- Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate
- Add new support for POSIX error: EILSEQ
- Add new command [tcl::unsupported::corotype]
- Add new command [tcl::unsupported::timerate] for performance testing
- Add new option -state to [ttk::scale]
- Add portable keycodes: OE, oe, Ydiaeresis
- Add support for backrefs in [array names -regexp]
- Add support for Unicode 14
- Disfavor Master/Slave terminology
- Enhance [oo::object] to acquire or lose a class identity dynamically
- Fix canvas rotated text overlap detection
- Fix canvas closed polylines to fully honor -joinstyle
- Fix display of long non-wrapped lines in text
- Fix display treeview focus ring when -selectmode none
- Fix focus events not to break entry validation
- Fix [package prefer stable] failing case
- Fix auto_path initialization by Safe Base interps
- Fix bad interaction between grab and mouse pointer warp
- Fix borderwidth calculations on menu items
- Fix cascade tearoff menu redraw artifacts
- Fix coords rounding when drawing canvas items
- Fix corrupt result from [$c postscript] with -file or -channel
- Fix errno management in socket full close
- Fix failure when a [proc] argument name is computed, not literal
- Fix focus on unmapped windows
- Fix handling of duplicates in spinbox -values list
- Fix incomplete read of multi-image GIF
- Fix initialization order of static package in wish
- Fix issue when trying to display angled text without Xft
- Fix issue with font initialization when no font is installed
- Fix problems with Noto Color Emoji font
- Fix race conditions in [file delete] and [file mkdir]
- Fix Std channel initialization for multi-thread operations
- Fix tearoff menu redraw artifacts
- Fix up arrow key in [text] to correctly move cursor to index 1.0
- Fix various cursor issues
- Fix various encoding issues
- Fix various fontchooser issues
- Fix various issues causing crashes and hang in
- Fix various memory issues
- Fix various scrolling bugs and add improvements
- Fix 32/64-bit confusion of FS DIR operations reported for AIX
- Improve appearance of text selection in [*entry] widgets
- Improve checkbutton handling of -selectcolor
- Improve handling of resolution changes
- Improve multi-thread safety when Xft is in use
- Improve ttk high-contrast-mode support
- Improve emoji support
- Improve legacy support for [tk_setPalette]
- Make combobox -postoffset option work with default style
- Make spinbox use proper names in query of option database
- Menu flaws when empty menubar clicked
- New index argument in [$menubutton post x y index]
- Preserve canvas tag list order during add/delete
- Prevent cross-manager loops of geom management
- Rewrite of zlib inflation for multi-stream and completeness
- Run fileevents in proper thread after [thread::attach $channel]
- Stop [unload] corruption of list of loaded packages
- Stop app switching exposing withdrawn windows as zombies
- Tk now denied access to PRIMARY selection from safe interps
- TkpDrawAngledCharsInContext leaked a CGColor
- Try to restore Tcl's [update] command when Tk is unloaded
- Changed [info * methods] to include mixins
- [package require] is now NR-enabled
The following fixes might show some potential incompatibilities with existing software:
- Revised [binary (en|de)code base64] for RFC compliance and roundtrip
- Fix precision of Tcl_DStringAppendElement quoting of #
- Extended [clock scan] ISO format and time zone support
- Allow for select/copy from disabled text widget on all platforms
- Revised case of [info loaded] module names
- [info hostname] reports DNS name, not NetBIOS name
- Force -eofchar \032 when evaluating library scripts
- Revised error messages: 'too few' => 'not enough'
- Performed rewrite of Tk event loop to prevent ring overflow
- Refactored all MouseWheel bindings
- Revised precision of ::scale widget tick mark values
- Prevent transient window cycles (crashed on Aqua)
- Builds no longer use -lieee
- Quoting of command line arguments by [exec] on Windows revised. Prior
quoting rules left holes where some values would not pass through, but
could trigger substitutions or program execution. See
https://core.tcl-lang.org/tcl/info/21b0629c81
- [lreplace] accepts all out-of-range index values
Patchnames
SUSE-2022-484,SUSE-SLE-SDK-12-SP5-2022-484,SUSE-SLE-SERVER-12-SP5-2022-484
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
full_product_name: { name: "tcl-32bit-8.6.12-11.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", }, product_reference: "tcl-32bit-8.6.12-11.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tcl-32bit-8.6.12-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", }, product_reference: "tcl-32bit-8.6.12-11.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-11.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.aarch64", }, product_reference: "tk-8.6.12-11.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-11.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.ppc64le", }, product_reference: "tk-8.6.12-11.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-11.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.s390x", }, product_reference: "tk-8.6.12-11.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 
12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.x86_64", }, product_reference: "tk-8.6.12-11.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-32bit-8.6.12-11.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", }, product_reference: "tk-32bit-8.6.12-11.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, { category: "default_component_of", full_product_name: { name: "tk-32bit-8.6.12-11.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5", product_id: "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", }, product_reference: "tk-32bit-8.6.12-11.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12 SP5", }, ], }, vulnerabilities: [ { cve: "CVE-2021-35331", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-35331", }, ], notes: [ { category: "general", text: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. 
NOTE: multiple third parties dispute the significance of this finding.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software 
Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-35331", url: "https://www.suse.com/security/cve/CVE-2021-35331", }, { category: "external", summary: "SUSE Bug 1195257 for CVE-2021-35331", url: "https://bugzilla.suse.com/1195257", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", 
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 
SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tcl-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-32bit-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12 SP5:tk-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tcl-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 
SP5:tcl-devel-8.6.12-11.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.aarch64", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 12 SP5:tk-devel-8.6.12-11.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-02-18T03:29:03Z", details: "important", }, ], title: "CVE-2021-35331", }, ], }
suse-fu-2022:0868-1
Vulnerability from csaf_suse
Published
2022-03-16 06:16
Modified
2022-03-16 06:16
Summary
Feature update for tcl and tk
Notes
Title of the patch
Feature update for tcl and tk
Description of the patch
This feature update for tcl and tk fixes the following issues:
Update tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284):
- Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662)
- Use FAT LTO objects in order to provide proper static library (bsc#1138797)
- Fix a bug in itcl that was affecting iwidgets (bsc#903017)
- Add support for the 'end' index to [combobox current]
- Add fixes in [text] bindings
- Add missing 'deferred clear code' support to GIF photo images
- Add new virtual event <<TkWorldChanged>>
- Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate
- Add new support for POSIX error: EILSEQ
- Add new command [tcl::unsupported::corotype]
- Add new command [tcl::unsupported::timerate] for performance testing
- Add new option -state to [ttk::scale]
- Add portable keycodes: OE, oe, Ydiaeresis
- Add support for backrefs in [array names -regexp]
- Add support for Unicode 14
- Disfavor Master/Slave terminology
- Enhance [oo::object] to acquire or lose a class identity dynamically
- Fix canvas rotated text overlap detection
- Fix canvas closed polylines to fully honor -joinstyle
- Fix display of long non-wrapped lines in text
- Fix display treeview focus ring when -selectmode none
- Fix focus events not to break entry validation
- Fix [package prefer stable] failing case
- Fix auto_path initialization by Safe Base interps
- Fix bad interaction between grab and mouse pointer warp
- Fix borderwidth calculations on menu items
- Fix cascade tearoff menu redraw artifacts
- Fix coords rounding when drawing canvas items
- Fix corrupt result from [$c postscript] with -file or -channel
- Fix errno management in socket full close
- Fix failure when a [proc] argument name is computed, not literal
- Fix focus on unmapped windows
- Fix handling of duplicates in spinbox -values list
- Fix incomplete read of multi-image GIF
- Fix initialization order of static package in wish
- Fix issue when trying to display angled text without Xft
- Fix issue with font initialization when no font is installed
- Fix problems with Noto Color Emoji font
- Fix race conditions in [file delete] and [file mkdir]
- Fix Std channel initialization for multi-thread operations
- Fix tearoff menu redraw artifacts
- Fix up arrow key in [text] to correctly move cursor to index 1.0
- Fix various cursor issues
- Fix various encoding issues
- Fix various fontchooser issues
- Fix various issues causing crashes and hang in
- Fix various memory issues
- Fix various scrolling bugs and add improvements
- Fix 32/64-bit confusion of FS DIR operations reported for AIX
- Improve appearance of text selection in [*entry] widgets
- Improve checkbutton handling of -selectcolor
- Improve handling of resolution changes
- Improve multi-thread safety when Xft is in use
- Improve ttk high-contrast-mode support
- Improve emoji support
- Improve legacy support for [tk_setPalette]
- Make combobox -postoffset option work with default style
- Make spinbox use proper names in query of option database
- Menu flaws when empty menubar clicked
- New index argument in [$menubutton post x y index]
- Preserve canvas tag list order during add/delete
- Prevent cross-manager loops of geom management
- Rewrite of zlib inflation for multi-stream and completeness
- Run fileevents in proper thread after [thread::attach $channel]
- Stop [unload] corruption of list of loaded packages
- Stop app switching exposing withdrawn windows as zombies
- Tk now denied access to PRIMARY selection from safe interps
- TkpDrawAngledCharsInContext leaked a CGColor
- Try to restore Tcl's [update] command when Tk is unloaded
- Changed [info * methods] to include mixins
- [package require] is now NR-enabled
The following fixes might show some potential incompatibilities with existing software:
- Revised [binary (en|de)code base64] for RFC compliance and roundtrip
- Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10
- Extended [clock scan] ISO format and time zone support
- Allow for select/copy from disabled text widget on all platforms
- Revised case of [info loaded] module names
- [info hostname] reports DNS name, not NetBIOS name
- Force -eofchar \032 when evaluating library scripts
- Revised error messages: 'too few' => 'not enough'
- Performed rewrite of Tk event loop to prevent ring overflow
- Refactored all MouseWheel bindings
- Revised precision of ::scale widget tick mark values
- Prevent transient window cycles (crashed on Aqua)
- Builds no longer use -lieee
- Quoting of command line arguments by [exec] on Windows revised. Prior
  quoting rules left holes where some values would not pass through, but
  could trigger substitutions or program execution. See
  https://core.tcl-lang.org/tcl/info/21b0629c81
- [lreplace] accepts all out-of-range index values
Patchnames
SUSE-2022-868,SUSE-SLE-Module-Basesystem-15-SP3-2022-868,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Feature update for tcl and tk", title: "Title of the patch", }, { category: "description", text: "This feature update for tcl and tk fixes the following issues:\n\nUpdate tcl and tk to version 8.6.12 (jsc#SLE-21016, jsc#SLE-23284):\n\n- Move tcl.macros to /usr/lib/rpm/macros.d (bsc#1185662) \n- Use FAT LTO objects in order to provide proper static library (bsc#1138797)\n- Fix a bug in itcl that was affecting iwidgets (bsc#903017)\n- Add [combobox current] support 'end' index\n- Add fixes in [text] bindings\n- Add missing 'deferred clear code' support to GIF photo images\n- Add new virtual event <<TkWorldChanged>> \n- Add new keycodes: CodeInput, SingleCandidate, MultipleCandidate, PreviousCandidate\n- Add new support for POSIX error: EILSEQ\n- Add new command [tcl::unsupported::corotype]\n- Add new command [tcl::unsupported::timerate] for performance testing\n- Add new option -state to [ttk::scale]\n- Add portable keycodes: OE, oe, Ydiaeresis\n- Add support for backrefs in [array names -regexp]\n- Add support for Unicode 14\n- Disfavor Master/Slave terminology\n- Enhance [oo::object] to acquire or lose a class identity dynamically\n- Fix canvas rotated text overlap detection\n- Fix canvas closed polylines yo fully honor -joinstyle\n- Fix display of Long non-wrapped lines in text\n- Fix display treeview focus ring when -selectmode none\n- Fix focus events not to break entry validation\n- Fix [package prefer stable] failing case\n- Fix auto_path initialization by Safe Base interps\n- Fix bad interaction between grab and mouse pointer warp\n- Fix borderwidth calculations on menu items\n- Fix cascade tearoff menu 
redraw artifacts\n- Fix coords rounding when drawing canvas items\n- Fix corrupt result from [$c postscript] with -file or -channel\n- Fix errno management in socket full close\n- Fix failure when a [proc] argument name is computed, not literal\n- Fix focus on unmapped windows\n- Fix handling of duplicates in spinbox -values list\n- Fix incomplete read of multi-image GIF\n- Fix initialization order of static package in wish \n- Fix issue when trying to display angled text without Xft\n- Fix issue with font initialization when no font is installed\n- Fix problems with Noto Color Emoji font\n- Fix race conditions in [file delete] and [file mkdir]\n- Fix Std channel initialization for multi-thread operations\n- Fix tearoff menu redraw artifacts\n- Fix up arrow key in [text] to correctly move cursor to index 1.0\n- Fix various cursor issues\n- Fix various encoding issues\n- Fix various fontchooser issues\n- Fix various issues causing crashes and hang in\n- Fix various memory issues\n- Fix various scrolling bugs and add improvements\n- Fix 32/64-bit confusion of FS DIR operations reported for AIX\n- Improve appearance of text selection in [*entry] widgets\n- Improve checkbutton handling of -selectcolor\n- Improve handling of resolution changes\n- Improve multi-thread safety when Xft is in use \n- Improve ttk high-contrast-mode support\n- Improve emoji support\n- Improve legacy support for [tk_setPalette]\n- Make combobox -postoffset option work with default style\n- Make spinbox use proper names in query of option database\n- Menu flaws when empty menubar clicked\n- New index argument in [$menubutton post x y index]\n- Preserve canvas tag list order during add/delete\n- Prevent cross-manager loops of geom management\n- Rewrite of zlib inflation for multi-stream and completeness\n- Run fileevents in proper thread after [thread::attach $channel]\n- Stop [unload] corruption of list of loaded packages\n- Stop app switching exposing withdrawn windows as zombies\n- Tk now 
denied access to PRIMARY selection from safe interps\n- TkpDrawAngledCharsInContext leaked a CGColor\n- Try to restore Tcl's [update] command when Tk is unloaded\n- Changed [info * methods] to include mixins\n- [package require] is now NR-enabled\n\nThe following fixes might show some potential incompatibilities with existing software:\n\n- Revised [binary (en|de)code base64] for RFC compliance and roundtrip\n- Tcl_DStringAppendElement # quoting precision, dstring-2.13, dstring-3.10\n- Extended [clock scan] ISO format and time zone support\n- Allow for select/copy from disabled text widget on all platforms\n- Revised case of [info loaded] module names\n- [info hostname] reports DNS name, not NetBIOS name\n- Force -eofchar \\032 when evaluating library scripts\n- Revised error messages: 'too few' => 'not enough'\n- Performed rewrite of Tk event loop to prevent ring overflow\n- Refactored all MouseWheel bindings\n- Revised precision of ::scale widget tick mark values\n- Prevent transient window cycles (crashed on Aqua)\n- Builds no longer use -lieee\n- Quoting of command line arguments by [exec] on Windows revised. Prior\n quoting rules left holes where some values would not pass through, but\n could trigger substitutions or program execution. 
See\n https://core.tcl-lang.org/tcl/info/21b0629c81 \n- [lreplace] accepts all out-of-range index values\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-868,SUSE-SLE-Module-Basesystem-15-SP3-2022-868,SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-868", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2022_0868-1.json", }, { category: "self", summary: "URL for SUSE-FU-2022:0868-1", url: "https://www.suse.com/support/update/announcement//suse-fu-20220868-1/", }, { category: "self", summary: "E-Mail link for SUSE-FU-2022:0868-1", url: "https://lists.suse.com/pipermail/sle-updates/2022-March/022127.html", }, { category: "self", summary: "SUSE Bug 1138797", url: "https://bugzilla.suse.com/1138797", }, { category: "self", summary: "SUSE Bug 1185662", url: "https://bugzilla.suse.com/1185662", }, { category: "self", summary: "SUSE Bug 1195257", url: "https://bugzilla.suse.com/1195257", }, { category: "self", summary: "SUSE Bug 903017", url: "https://bugzilla.suse.com/903017", }, { category: "self", summary: "SUSE CVE CVE-2021-35331 page", url: "https://www.suse.com/security/cve/CVE-2021-35331/", }, ], title: "Feature update for tcl and tk", tracking: { current_release_date: "2022-03-16T06:16:05Z", generator: { date: "2022-03-16T06:16:05Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-FU-2022:0868-1", initial_release_date: "2022-03-16T06:16:05Z", 
revision_history: [ { date: "2022-03-16T06:16:05Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "tcl-8.6.12-150300.14.3.1.aarch64", product: { name: "tcl-8.6.12-150300.14.3.1.aarch64", product_id: "tcl-8.6.12-150300.14.3.1.aarch64", }, }, { category: "product_version", name: "tcl-devel-8.6.12-150300.14.3.1.aarch64", product: { name: "tcl-devel-8.6.12-150300.14.3.1.aarch64", product_id: "tcl-devel-8.6.12-150300.14.3.1.aarch64", }, }, { category: "product_version", name: "tk-8.6.12-150300.10.3.1.aarch64", product: { name: "tk-8.6.12-150300.10.3.1.aarch64", product_id: "tk-8.6.12-150300.10.3.1.aarch64", }, }, { category: "product_version", name: "tk-devel-8.6.12-150300.10.3.1.aarch64", product: { name: "tk-devel-8.6.12-150300.10.3.1.aarch64", product_id: "tk-devel-8.6.12-150300.10.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32", product: { name: "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32", product_id: "tcl-64bit-8.6.12-150300.14.3.1.aarch64_ilp32", }, }, { category: "product_version", name: "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32", product: { name: "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32", product_id: "tk-64bit-8.6.12-150300.10.3.1.aarch64_ilp32", }, }, ], category: "architecture", name: "aarch64_ilp32", }, { branches: [ { category: "product_version", name: "tcl-8.6.12-150300.14.3.1.i586", product: { name: "tcl-8.6.12-150300.14.3.1.i586", product_id: "tcl-8.6.12-150300.14.3.1.i586", }, }, { category: "product_version", name: "tcl-devel-8.6.12-150300.14.3.1.i586", product: { name: "tcl-devel-8.6.12-150300.14.3.1.i586", product_id: "tcl-devel-8.6.12-150300.14.3.1.i586", }, }, { category: "product_version", name: "tk-8.6.12-150300.10.3.1.i586", product: { name: "tk-8.6.12-150300.10.3.1.i586", product_id: 
"tk-8.6.12-150300.10.3.1.i586", }, }, { category: "product_version", name: "tk-devel-8.6.12-150300.10.3.1.i586", product: { name: "tk-devel-8.6.12-150300.10.3.1.i586", product_id: "tk-devel-8.6.12-150300.10.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "tcl-8.6.12-150300.14.3.1.ppc64le", product: { name: "tcl-8.6.12-150300.14.3.1.ppc64le", product_id: "tcl-8.6.12-150300.14.3.1.ppc64le", }, }, { category: "product_version", name: "tcl-devel-8.6.12-150300.14.3.1.ppc64le", product: { name: "tcl-devel-8.6.12-150300.14.3.1.ppc64le", product_id: "tcl-devel-8.6.12-150300.14.3.1.ppc64le", }, }, { category: "product_version", name: "tk-8.6.12-150300.10.3.1.ppc64le", product: { name: "tk-8.6.12-150300.10.3.1.ppc64le", product_id: "tk-8.6.12-150300.10.3.1.ppc64le", }, }, { category: "product_version", name: "tk-devel-8.6.12-150300.10.3.1.ppc64le", product: { name: "tk-devel-8.6.12-150300.10.3.1.ppc64le", product_id: "tk-devel-8.6.12-150300.10.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "tcl-8.6.12-150300.14.3.1.s390x", product: { name: "tcl-8.6.12-150300.14.3.1.s390x", product_id: "tcl-8.6.12-150300.14.3.1.s390x", }, }, { category: "product_version", name: "tcl-devel-8.6.12-150300.14.3.1.s390x", product: { name: "tcl-devel-8.6.12-150300.14.3.1.s390x", product_id: "tcl-devel-8.6.12-150300.14.3.1.s390x", }, }, { category: "product_version", name: "tk-8.6.12-150300.10.3.1.s390x", product: { name: "tk-8.6.12-150300.10.3.1.s390x", product_id: "tk-8.6.12-150300.10.3.1.s390x", }, }, { category: "product_version", name: "tk-devel-8.6.12-150300.10.3.1.s390x", product: { name: "tk-devel-8.6.12-150300.10.3.1.s390x", product_id: "tk-devel-8.6.12-150300.10.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "tcl-8.6.12-150300.14.3.1.x86_64", product: { name: 
"tcl-8.6.12-150300.14.3.1.x86_64", product_id: "tcl-8.6.12-150300.14.3.1.x86_64", }, }, { category: "product_version", name: "tcl-32bit-8.6.12-150300.14.3.1.x86_64", product: { name: "tcl-32bit-8.6.12-150300.14.3.1.x86_64", product_id: "tcl-32bit-8.6.12-150300.14.3.1.x86_64", }, }, { category: "product_version", name: "tcl-devel-8.6.12-150300.14.3.1.x86_64", product: { name: "tcl-devel-8.6.12-150300.14.3.1.x86_64", product_id: "tcl-devel-8.6.12-150300.14.3.1.x86_64", }, }, { category: "product_version", name: "tk-8.6.12-150300.10.3.1.x86_64", product: { name: "tk-8.6.12-150300.10.3.1.x86_64", product_id: "tk-8.6.12-150300.10.3.1.x86_64", }, }, { category: "product_version", name: "tk-32bit-8.6.12-150300.10.3.1.x86_64", product: { name: "tk-32bit-8.6.12-150300.10.3.1.x86_64", product_id: "tk-32bit-8.6.12-150300.10.3.1.x86_64", }, }, { category: "product_version", name: "tk-devel-8.6.12-150300.10.3.1.x86_64", product: { name: "tk-devel-8.6.12-150300.10.3.1.x86_64", product_id: "tk-devel-8.6.12-150300.10.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product: { name: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-basesystem:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product: { name: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-desktop-applications:15:sp3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tcl-8.6.12-150300.14.3.1.aarch64 as 
component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64", }, product_reference: "tcl-8.6.12-150300.14.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-8.6.12-150300.14.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le", }, product_reference: "tcl-8.6.12-150300.14.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-8.6.12-150300.14.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x", }, product_reference: "tcl-8.6.12-150300.14.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64", }, product_reference: "tcl-8.6.12-150300.14.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-32bit-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64", }, product_reference: "tcl-32bit-8.6.12-150300.14.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", 
full_product_name: { name: "tcl-devel-8.6.12-150300.14.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64", }, product_reference: "tcl-devel-8.6.12-150300.14.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-devel-8.6.12-150300.14.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le", }, product_reference: "tcl-devel-8.6.12-150300.14.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-devel-8.6.12-150300.14.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x", }, product_reference: "tcl-devel-8.6.12-150300.14.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tcl-devel-8.6.12-150300.14.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64", }, product_reference: "tcl-devel-8.6.12-150300.14.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-150300.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64", }, product_reference: "tk-8.6.12-150300.10.3.1.aarch64", 
relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-150300.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le", }, product_reference: "tk-8.6.12-150300.10.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-150300.10.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x", }, product_reference: "tk-8.6.12-150300.10.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64", }, product_reference: "tk-8.6.12-150300.10.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-32bit-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3", product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64", }, product_reference: "tk-32bit-8.6.12-150300.10.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-devel-8.6.12-150300.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 
SP3:tk-devel-8.6.12-150300.10.3.1.aarch64", }, product_reference: "tk-devel-8.6.12-150300.10.3.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-devel-8.6.12-150300.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le", }, product_reference: "tk-devel-8.6.12-150300.10.3.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-devel-8.6.12-150300.10.3.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x", }, product_reference: "tk-devel-8.6.12-150300.10.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", }, { category: "default_component_of", full_product_name: { name: "tk-devel-8.6.12-150300.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15 SP3", product_id: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64", }, product_reference: "tk-devel-8.6.12-150300.10.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Desktop Applications 15 SP3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-35331", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-35331", }, ], notes: [ { category: "general", text: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. 
NOTE: multiple third parties dispute the significance of this finding.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-35331", url: "https://www.suse.com/security/cve/CVE-2021-35331", }, { category: "external", summary: "SUSE Bug 1195257 for CVE-2021-35331", url: 
"https://bugzilla.suse.com/1195257", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-32bit-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tcl-devel-8.6.12-150300.14.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-32bit-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP3:tk-8.6.12-150300.10.3.1.x86_64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.aarch64", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.ppc64le", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.s390x", "SUSE Linux Enterprise Module for Desktop Applications 15 SP3:tk-devel-8.6.12-150300.10.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-03-16T06:16:05Z", details: "important", }, ], title: "CVE-2021-35331", }, ], }
fkie_cve-2021-35331
Vulnerability from fkie_nvd
Published
2021-07-05 15:15
Modified
2024-11-21 06:12
Summary
In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 | Exploit, Patch, Vendor Advisory
cve@mitre.org | https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 | Exploit, Vendor Advisory
cve@mitre.org | https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 | Patch, Third Party Advisory
cve@mitre.org | https://sqlite.org/forum/info/7dcd751996c93ec9 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2 | Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280 | Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222 | Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://sqlite.org/forum/info/7dcd751996c93ec9 | Exploit, Third Party Advisory
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcl:tcl:8.6.11:*:*:*:*:*:*:*", matchCriteriaId: "6BE08290-3693-466E-A9E8-92E1E40D6357", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding", }, { lang: "es", value: "** EN DISPUTA ** En Tcl versión 8.6.11, una vulnerabilidad de cadena de formato en nmakehlp.c podría permitir la ejecución de código a través de un archivo manipulado. NOTA: varios terceros discuten la importancia de este hallazgo.", }, ], id: "CVE-2021-35331", lastModified: "2024-11-21T06:12:14.127", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-05T15:15:07.997", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: 
"https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sqlite.org/forum/info/7dcd751996c93ec9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sqlite.org/forum/info/7dcd751996c93ec9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-539q-24vg-qfm4
Vulnerability from github
Published
2022-05-24 19:06
Modified
2024-03-21 03:34
Details
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
{ affected: [], aliases: [ "CVE-2021-35331", ], database_specific: { cwe_ids: [ "CWE-134", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2021-07-05T15:15:00Z", severity: "HIGH", }, details: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crated file. NOTE: multiple third parties dispute the significance of this finding.", id: "GHSA-539q-24vg-qfm4", modified: "2024-03-21T03:34:05Z", published: "2022-05-24T19:06:55Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-35331", }, { type: "WEB", url: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", }, { type: "WEB", url: "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", }, { type: "WEB", url: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", }, { type: "WEB", url: "https://sqlite.org/forum/info/7dcd751996c93ec9", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
gsd-2021-35331
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.
Aliases
{ GSD: { alias: "CVE-2021-35331", description: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.", id: "GSD-2021-35331", references: [ "https://www.suse.com/security/cve/CVE-2021-35331.html", "https://security.archlinux.org/CVE-2021-35331", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2021-35331", ], details: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.", id: "GSD-2021-35331", modified: "2023-12-13T01:23:28.410990Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-35331", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. 
NOTE: multiple third parties dispute the significance of this finding.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", refsource: "MISC", url: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", }, { name: "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", refsource: "MISC", url: "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", }, { name: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", refsource: "MISC", url: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", }, { name: "https://sqlite.org/forum/info/7dcd751996c93ec9", refsource: "MISC", url: "https://sqlite.org/forum/info/7dcd751996c93ec9", }, ], }, }, "gitlab.com": { advisories: [ { affected_range: "=8.6.11", affected_versions: "Version 8.6.11", cvss_v2: "AV:N/AC:M/Au:N/C:P/I:P/A:P", cvss_v3: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2021-09-20", description: "In Tcl, a format string vulnerability in nmakehlp.c might allow code execution via a crated file.", fixed_versions: [], identifier: "CVE-2021-35331", identifiers: [ "CVE-2021-35331", ], not_impacted: "", package_slug: "conan/tcl", pubdate: "2021-07-05", solution: "Unfortunately, there is no solution available yet.", title: "Use of Externally-Controlled Format String", urls: [ "https://nvd.nist.gov/vuln/detail/CVE-2021-35331", "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", ], uuid: "eec45e1b-12ce-4b0b-9ef0-052c7dfe141a", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:tcl:tcl:8.6.11:*:*:*:*:*:*:*", matchCriteriaId: "6BE08290-3693-466E-A9E8-92E1E40D6357", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "In Tcl 8.6.11, 
a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding", }, { lang: "es", value: "** EN DISPUTA ** En Tcl versión 8.6.11, una vulnerabilidad de cadena de formato en nmakehlp.c podría permitir la ejecución de código a través de un archivo manipulado. NOTA: varios terceros discuten la importancia de este hallazgo.", }, ], id: "CVE-2021-35331", lastModified: "2024-04-11T01:12:05.797", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-07-05T15:15:07.997", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222", }, { source: "cve@mitre.org", tags: 
[ "Exploit", "Third Party Advisory", ], url: "https://sqlite.org/forum/info/7dcd751996c93ec9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.