Common Weakness Enumeration

CWE-704

Allowed-with-Review

Incorrect Type Conversion or Cast

Abstraction: Class · Status: Incomplete

The product does not correctly convert an object, resource, or structure from one type to a different type.

334 vulnerabilities reference this CWE, most recent first.

GHSA-5C6Q-F783-H888

Vulnerability from github – Published: 2022-09-30 00:00 – Updated: 2024-10-07 20:58
VLAI
Summary
Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references.

Original Description

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.amazon.redshift:redshift-jdbc42"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-30T23:02:26Z",
    "nvd_published_at": "2022-09-29T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-jc69-hjw2-fm86. This link is maintained to preserve external references.\n\n## Original Description\nIn Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.",
  "id": "GHSA-5c6q-f783-h888",
  "modified": "2024-10-07T20:58:38Z",
  "published": "2022-09-30T00:00:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-jc69-hjw2-fm86"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41828"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/40b143b4698faf90c788ffa89f2d4d8d2ad068b5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver/commit/9999659bbc9f3d006fb02a0bf39d5bcf3b503605"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/aws/amazon-redshift-jdbc-driver"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation",
  "withdrawn": "2024-10-07T20:58:38Z"
}

GHSA-5MJM-4FV7-XQV7

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6036.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6036.",
  "id": "GHSA-5mjm-4fv7-xqv7",
  "modified": "2022-05-13T01:34:37Z",
  "published": "2022-05-13T01:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14273"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-733"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5P43-9JGP-MQG3

Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52
VLAI
Details

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-12T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-5p43-9jgp-mqg3",
  "modified": "2022-05-14T00:52:37Z",
  "published": "2022-05-14T00:52:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12876"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105443"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5QX6-4RCV-PG8J

Vulnerability from github – Published: 2024-05-31 09:31 – Updated: 2025-07-22 21:31
VLAI
Details

Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-31T09:15:09Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or above.",
  "id": "GHSA-5qx6-4rcv-pg8j",
  "modified": "2025-07-22T21:31:14Z",
  "published": "2024-05-31T09:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5436"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/snapchat"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-5RRM-2FM5-G6W3

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.",
  "id": "GHSA-5rrm-2fm5-g6w3",
  "modified": "2022-05-13T01:37:37Z",
  "published": "2022-05-13T01:37:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14824"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-17-868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VGC-HMW3-287J

Vulnerability from github – Published: 2022-05-14 01:52 – Updated: 2025-11-25 18:32
VLAI
Details

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-18T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR \u003c 60.2.2 and Firefox \u003c 62.0.3.",
  "id": "GHSA-5vgc-hmw3-287j",
  "modified": "2025-11-25T18:32:14Z",
  "published": "2022-05-14T01:52:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12386"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2881"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2884"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201810-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3778-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4310"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2018-24"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105460"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041770"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5WHW-3GRX-5F9W

Vulnerability from github – Published: 2023-03-10 21:30 – Updated: 2023-03-16 18:30
VLAI
Details

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-40531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.",
  "id": "GHSA-5whw-3grx-5f9w",
  "modified": "2023-03-16T18:30:30Z",
  "published": "2023-03-10T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40531"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XR5-FR44-483Q

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0607"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-12T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400551. References: QC-CR#1085928.",
  "id": "GHSA-5xr5-fr44-483q",
  "modified": "2022-05-13T01:40:20Z",
  "published": "2022-05-13T01:40:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0607"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-05-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-623H-G2QH-6FV2

Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2022-05-14 03:14
VLAI
Details

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "ATS" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-4219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-08T18:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"ATS\" component. It allows attackers to gain privileges via a crafted app that leverages type confusion.",
  "id": "GHSA-623h-g2qh-6fv2",
  "modified": "2022-05-14T03:14:14Z",
  "published": "2022-05-14T03:14:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4219"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208849"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041027"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-65J3-JRJ3-4MGP

Vulnerability from github – Published: 2025-04-16 15:34 – Updated: 2025-11-03 21:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

acpi: nfit: fix narrowing conversion in acpi_nfit_ctl

Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first verifies that a user-provided value call_pkg->nd_family of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid argument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while the lower 32 bits are zero.

Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input.

All checks of the input value should be applied to the original variable call_pkg->nd_family.

[iweiny: update commit message]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-22044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T15:15:57Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nacpi: nfit: fix narrowing conversion in acpi_nfit_ctl\n\nSyzkaller has reported a warning in to_nfit_bus_uuid(): \"only secondary\nbus families can be translated\". This warning is emited if the argument\nis equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first\nverifies that a user-provided value call_pkg-\u003end_family of type u64 is\nnot equal to 0. Then the value is converted to int, and only after that\nis compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid\nargument to acpi_nfit_ctl(), if call_pkg-\u003end_family is non-zero, while\nthe lower 32 bits are zero.\n\nFurthermore, it is best to return EINVAL immediately upon seeing the\ninvalid user input.  The WARNING is insufficient to prevent further\nundefined behavior based on other invalid user input.\n\nAll checks of the input value should be applied to the original variable\ncall_pkg-\u003end_family.\n\n[iweiny: update commit message]",
  "id": "GHSA-65j3-jrj3-4mgp",
  "modified": "2025-11-03T21:33:35Z",
  "published": "2025-04-16T15:34:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22044"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2ff0e408db36c21ed3fa5e3c1e0e687c82cf132f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4b65cff06a004ac54f6ea8886060f0d07b1ca055"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/73851cfceb00cc77d7a0851bc10f2263394c3e87"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85f11291658ab907c4294319c8102450cc75bb96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/92ba06aef65522483784dcbd6697629ddbd4c4f9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bae5b55e0f327102e78f6a66fb127275e9bc91b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c90402d2a226ff7afbe1d0650bee8ecc15a91049"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e71a57c5aaa389d4c3c82f920761262efdd18d38"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.