Tcl · Tcl · CVE-2021-35331
**Name of the Vulnerable Software and Affected Versions**
Tcl version 8.6.11
**Description**
A format string vulnerability in the nmakehlp.c component of the Tcl programming language may allow code execution via a crafted file. The issue stems from insufficient handling of format strings: using a specially crafted file, a remote attacker could access confidential data, compromise its integrity, and cause a denial of service. Note that multiple third parties dispute the significance of this finding.
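The vulnerability class named above, shown as an added illustration (not code from nmakehlp.c or from this advisory): a line taken from a file is used as the format string itself, next to the hardened form that passes it as data. The function names and the sample line are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line standing in for content read from a file. */
static const char SAMPLE_LINE[] = "progress: 100%% done";

/* BEFORE (vulnerable pattern): file content is the format string, so every
 * '%' directive in the file is interpreted by the formatter. Compilers
 * report this call under -Wformat-security; silenced here so it builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int emit_unsafe(char *out, size_t n, const char *line) {
    return snprintf(out, n, line);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; file content is only ever data. */
int emit_safe(char *out, size_t n, const char *line) {
    return snprintf(out, n, "%s", line);
}

/* Audit helper: count directives that would consume an argument if the
 * line were used as a format ("%%" is a literal percent and is skipped). */
int count_arg_directives(const char *line) {
    int count = 0;
    for (const char *p = line; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        count++;
    }
    return count;
}

int main(void) {
    char a[64] = "", b[64];
    /* Only called with a line that has no argument-consuming directive. */
    if (count_arg_directives(SAMPLE_LINE) == 0)
        emit_unsafe(a, sizeof a, SAMPLE_LINE);
    emit_safe(b, sizeof b, SAMPLE_LINE);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The two outputs differ even for this harmless line, which shows that the first form lets file content steer the formatter; building with `-Wformat -Wformat-security` flags that call at compile time.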
**Recommendations**
For Tcl version 8.6.11, as a temporary workaround, consider restricting access to the nmakehlp.c component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.