CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-G862-F67G-FVX4
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
{
"affected": [],
"aliases": [
"CVE-2011-1799"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-16T17:55:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
"id": "GHSA-g862-f67g-fvx4",
"modified": "2022-05-13T01:26:17Z",
"published": "2022-05-13T01:26:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1799"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14029"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=64046"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2011/dsa-2245"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GCJ3-C79F-CWJW
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-12812"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-gcj3-c79f-cwjw",
"modified": "2022-05-14T00:53:19Z",
"published": "2022-05-14T00:53:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12812"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GCW4-6M66-W6FV
Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.
{
"affected": [],
"aliases": [
"CVE-2024-21478"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T10:15:11Z",
"severity": "MODERATE"
},
"details": "transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.",
"id": "GHSA-gcw4-6m66-w6fv",
"modified": "2024-06-03T12:30:38Z",
"published": "2024-06-03T12:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21478"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GF2C-MWWH-X43R
Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2016-7860"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-08T17:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-gf2c-mwwh-x43r",
"modified": "2022-05-14T01:01:45Z",
"published": "2022-05-14T01:01:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7860"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-18"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94151"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037240"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-601"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GFVF-9R5V-2JP2
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50337"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:33Z",
"severity": "HIGH"
},
"details": "Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-gfvf-9r5v-2jp2",
"modified": "2026-07-14T18:32:16Z",
"published": "2026-07-14T18:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50337"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50337"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQ7V-V27C-RX72
Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-04-19 18:30Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2021-30300"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-13T12:15:00Z",
"severity": "HIGH"
},
"details": "Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-gq7v-v27c-rx72",
"modified": "2023-04-19T18:30:53Z",
"published": "2022-01-14T00:02:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30300"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQMH-GH38-RG3X
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.
{
"affected": [],
"aliases": [
"CVE-2018-9938"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.",
"id": "GHSA-gqmh-gh38-rg3x",
"modified": "2022-05-13T01:31:40Z",
"published": "2022-05-13T01:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9938"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-322"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQVR-Q8FG-26RW
Vulnerability from github – Published: 2022-05-14 01:07 – Updated: 2022-05-14 01:07psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
{
"affected": [],
"aliases": [
"CVE-2018-19476"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-23T05:29:00Z",
"severity": "HIGH"
},
"details": "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.",
"id": "GHSA-gqvr-q8fg-26rw",
"modified": "2022-05-14T01:07:01Z",
"published": "2022-05-14T01:07:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19476"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHBA-2019:0327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0229"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=700169"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html"
},
{
"type": "WEB",
"url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3831-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4346"
},
{
"type": "WEB",
"url": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106154"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GX3X-VQ4P-MHHV
Vulnerability from github – Published: 2026-02-02 22:11 – Updated: 2026-02-27 21:41Impact
The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS.
An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller.
The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor.
Patches
The vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing.
cert-manager versions prior to v1.18.0 are unaffected.
Workarounds
- Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified.
- Note that DNS-over-HTTPS does not prevent the risk of an attacker-controlled authoritative DNS server.
Resources
- Fix for cert-manager 1.18: https://github.com/cert-manager/cert-manager/pull/8467
- Fix for cert-manager 1.19: https://github.com/cert-manager/cert-manager/pull/8468
- Fix for master branch: https://github.com/cert-manager/cert-manager/pull/8469
Credits
Huge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch!
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cert-manager/cert-manager"
},
"ranges": [
{
"events": [
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/cert-manager/cert-manager"
},
"ranges": [
{
"events": [
{
"introduced": "1.19.0"
},
{
"fixed": "1.19.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25518"
],
"database_specific": {
"cwe_ids": [
"CWE-129",
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-02T22:11:06Z",
"nvd_published_at": "2026-02-04T22:15:58Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nThe cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS.\n\nAn attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager\u0027s DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller.\n\nThe issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor.\n\n### Patches\n\nThe vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing.\n\ncert-manager versions prior to v1.18.0 are unaffected.\n\n### Workarounds\n\n- Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified.\n - Note that DNS-over-HTTPS does *not* prevent the risk of an attacker-controlled authoritative DNS server.\n\n### Resources\n\n- Fix for cert-manager 1.18: https://github.com/cert-manager/cert-manager/pull/8467\n- Fix for cert-manager 1.19: https://github.com/cert-manager/cert-manager/pull/8468\n- Fix for master branch: https://github.com/cert-manager/cert-manager/pull/8469\n\n### Credits\n\nHuge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch!",
"id": "GHSA-gx3x-vq4p-mhhv",
"modified": "2026-02-27T21:41:50Z",
"published": "2026-02-02T22:11:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25518"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/pull/8467"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/pull/8468"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/pull/8469"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d"
},
{
"type": "WEB",
"url": "https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2"
},
{
"type": "PACKAGE",
"url": "https://github.com/cert-manager/cert-manager"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4399"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "cert-manager-controller DoS via Specially Crafted DNS Response"
}
GHSA-GX73-2498-R55C
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-06-13 17:17The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool.
In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "flatbuffers"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25004"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:19:36Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool.\n\nIn Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code.",
"id": "GHSA-gx73-2498-r55c",
"modified": "2023-06-13T17:17:49Z",
"published": "2021-08-25T20:46:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25004"
},
{
"type": "WEB",
"url": "https://github.com/google/flatbuffers/issues/5530"
},
{
"type": "PACKAGE",
"url": "https://github.com/google/flatbuffers"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0028.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unsound casting in flatbuffers"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.