diff --git a/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch b/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3655229b93065c387ad91faebeb1b509785f29d0
--- /dev/null
+++ b/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch
@@ -0,0 +1,36 @@
+From 30db6ce78e7c4b96b977320e4d16555a93401c8d Mon Sep 17 00:00:00 2001
+From: "jan.nijtmans"
+Date: Tue, 22 Jun 2021 09:02:00 +0000
+Subject: [PATCH] Fix [bad6cc213d]: A format string vulnerability in Tcl
+ nmakehelp.c allows code execution via a crated file. Also change a memcpy()
+ to a memmove(), because the range could be overlapping
+
+---
+ win/nmakehlp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/win/nmakehlp.c b/win/nmakehlp.c
+index 7536ede..4021346 100644
+--- a/win/nmakehlp.c
++++ b/win/nmakehlp.c
+@@ -537,7 +537,7 @@ GetVersionFromFile(
+ ++q;
+ }
+
+- memcpy(szBuffer, p, q - p);
++ memmove(szBuffer, p, q - p);
+ szBuffer[q-p] = 0;
+ szResult = szBuffer;
+ break;
+@@ -674,7 +674,7 @@ SubstituteFile(
+ memcpy(szBuffer, szCopy, sizeof(szCopy));
+ }
+ }
+- printf(szBuffer);
++ printf("%s", szBuffer);
+ }
+
+ list_free(&substPtr);
+--
+1.8.3.1
+
diff --git a/tcl.spec b/tcl.spec
index 8f2e14b185a79270d6cb312635ed8dd75d4576cc..b3fd192d9d97259fae1020bc8eb6515023395c33 100644
--- a/tcl.spec
+++ b/tcl.spec
@@ -2,7 +2,7 @@ Name: tcl Version: 8.6.10 -Release: 3 +Release: 4 Epoch: 1 Summary: The Tool Command Language implementation License: BSD
@@ -26,6 +26,7 @@ Patch8: Improved-overflow-prevention-1.patch Patch9: Improved-overflow-prevention-2.patch Patch10: fix-exec-test-error.patch Patch11: File-not-found-should-be-ignored-silently.patch +Patch12: Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch %description Tcl(Tool Command Language) provides a powerful platform for creating integration applications 
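Review bot: The carried patch touches only `win/nmakehlp.c`, which by its path looks like the Windows nmake build helper, so it probably changes no binary that this RPM spec builds. The changelog entry for CVE-2021-35331 should say so, so the release is not read as a runtime fix. In the SubstituteFile hunk, `printf("%s", szBuffer);` closes the format-string issue; `fputs(szBuffer, stdout);` would do the same with no format parsing at all. The context line `memcpy(szBuffer, szCopy, sizeof(szCopy));` and the `szBuffer[q-p] = 0;` write in GetVersionFromFile depend on buffer sizes declared outside the hunks, so their bounds cannot be confirmed from here. Both functions start and end outside the hunks shown.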
@@ -127,6 +128,12 @@ make test %{_mandir}/mann/* %changelog +* Mon Jun 13 2022 zhangruifang - 1:8.6.10-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Fix cve-2021-35331 + * Fri May 28 2021 yangzhuangzhuang - 1:8.6.10-3 - Type:bugfix - ID:NA