CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-29HX-FJXP-2FCX
Vulnerability from github – Published: 2024-03-11 21:31 – Updated: 2024-08-27 18:31In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-27236"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-11T19:15:49Z",
"severity": "HIGH"
},
"details": "In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-29hx-fjxp-2fcx",
"modified": "2024-08-27T18:31:34Z",
"published": "2024-03-11T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27236"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2CCX-RP57-FP56
Vulnerability from github – Published: 2022-07-28 00:00 – Updated: 2022-08-03 00:00Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1869"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-27T22:15:00Z",
"severity": "MODERATE"
},
"details": "Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-2ccx-rp57-fp56",
"modified": "2022-08-03T00:00:53Z",
"published": "2022-07-28T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1869"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1309467"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2FM9-M3J5-Q4FM
Vulnerability from github – Published: 2025-08-07 17:34 – Updated: 2025-08-07 17:34LinkJoin through 882f196 mishandles lacks type checking in password reset.
{
"affected": [],
"aliases": [
"CVE-2025-55137"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-07T17:15:30Z",
"severity": "HIGH"
},
"details": "LinkJoin through 882f196 mishandles lacks type checking in password reset.",
"id": "GHSA-2fm9-m3j5-q4fm",
"modified": "2025-08-07T17:34:43Z",
"published": "2025-08-07T17:34:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55137"
},
{
"type": "WEB",
"url": "https://github.com/Latkecrszy/linkjoin/pull/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2G48-G9V2-G8W4
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:01There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.
{
"affected": [],
"aliases": [
"CVE-2021-40061"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:43:00Z",
"severity": "HIGH"
},
"details": "There is a vulnerability of accessing resources using an incompatible type (type confusion) in the Bastet module. Successful exploitation of this vulnerability may affect integrity.",
"id": "GHSA-2g48-g9v2-g8w4",
"modified": "2022-03-17T00:01:51Z",
"published": "2022-03-11T00:02:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40061"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/3"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202203-0000001257385193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2GCQ-CWW3-J4HR
Vulnerability from github – Published: 2025-01-22 00:33 – Updated: 2025-01-23 18:31A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.
{
"affected": [],
"aliases": [
"CVE-2024-24421"
],
"database_specific": {
"cwe_ids": [
"CWE-843",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-21T23:15:12Z",
"severity": "CRITICAL"
},
"details": "A type confusion in the nas_message_decode function of Magma \u003c= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.",
"id": "GHSA-2gcq-cww3-j4hr",
"modified": "2025-01-23T18:31:18Z",
"published": "2025-01-22T00:33:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24421"
},
{
"type": "WEB",
"url": "https://cellularsecurity.org/ransacked"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H8J-8R9P-849F
Vulnerability from github – Published: 2025-09-19 06:31 – Updated: 2025-09-22 22:55Overview
A type confusion issue exists in the @digitalocean/do-markdownit package. In the callout and fence_environment plugins, the allowedClasses and allowedEnvironments options are expected to be arrays of strings. If these options are provided as a single string, the code applies .includes directly on the string, resulting in substring matching instead of membership checks against an array.
Affected Versions
All versions up to and including 1.16.1 (npm).
Impact
Supplying crafted input can bypass intended allow-lists (e.g., class/environment constraints) due to substring checks, which may enable rendering of unintended classes or environments and lead to policy bypass in downstream consumers.
Mitigation
Until an upstream fix is released, ensure configuration normalization before invoking the plugins:
- Validate that allowedClasses and allowedEnvironments are arrays (Array.isArray(...)), converting single strings into one-element arrays when necessary.
- Consider sanitizing or strictly validating user-controlled values that influence Markdown rendering.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@digitalocean/do-markdownit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.16.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59717"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-19T17:15:44Z",
"nvd_published_at": "2025-09-19T04:16:49Z",
"severity": "MODERATE"
},
"details": "### Overview\nA type confusion issue exists in the `@digitalocean/do-markdownit` package. In the `callout` and `fence_environment` plugins, the `allowedClasses` and `allowedEnvironments` options are expected to be arrays of strings. If these options are provided as a single string, the code applies `.includes` directly on the string, resulting in substring matching instead of membership checks against an array.\n\n### Affected Versions\nAll versions up to and including 1.16.1 (npm).\n\n### Impact\nSupplying crafted input can bypass intended allow-lists (e.g., class/environment constraints) due to substring checks, which may enable rendering of unintended classes or environments and lead to policy bypass in downstream consumers.\n\n### Mitigation\nUntil an upstream fix is released, ensure configuration normalization before invoking the plugins:\n- Validate that `allowedClasses` and `allowedEnvironments` are arrays (`Array.isArray(...)`), converting single strings into one-element arrays when necessary.\n- Consider sanitizing or strictly validating user-controlled values that influence Markdown rendering.",
"id": "GHSA-2h8j-8r9p-849f",
"modified": "2025-09-22T22:55:37Z",
"published": "2025-09-19T06:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59717"
},
{
"type": "WEB",
"url": "https://gist.github.com/thesmartshadow/dd19665f1f51a4e3c7a766e70c9eafd0"
},
{
"type": "PACKAGE",
"url": "https://github.com/digitalocean/do-markdownit"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/@digitalocean/do-markdownit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "@digitalocean/do-markdownit has Type Confusion vulnerability"
}
GHSA-2HWP-XJ49-9V3J
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 15:30Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-9983"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:56Z",
"severity": "HIGH"
},
"details": "Type Confusion in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-2hwp-xj49-9v3j",
"modified": "2026-05-29T15:30:32Z",
"published": "2026-05-29T00:38:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9983"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513001309"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2JVQ-3RHR-97X9
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2023-12-28 21:30Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.
{
"affected": [],
"aliases": [
"CVE-2021-38658"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-15T12:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38660.",
"id": "GHSA-2jvq-3rhr-97x9",
"modified": "2023-12-28T21:30:30Z",
"published": "2022-05-24T19:14:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38658"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-38658"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2P34-PPJG-JR32
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-44817"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:17Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-2p34-ppjg-jr32",
"modified": "2026-06-09T18:30:47Z",
"published": "2026-06-09T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44817"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44817"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2PC4-PM2M-Q53R
Vulnerability from github – Published: 2026-02-18 12:31 – Updated: 2026-02-18 12:31The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the /wp-json/mailin/v1/mailin_disconnect REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean true value for the id parameter, which bypasses the authorization check through PHP type juggling.
{
"affected": [],
"aliases": [
"CVE-2025-14799"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-18T12:15:58Z",
"severity": "MODERATE"
},
"details": "The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the installation ID in the `/wp-json/mailin/v1/mailin_disconnect` REST API endpoint. This makes it possible for unauthenticated attackers to disconnect the Brevo integration, delete the API key, remove all subscription forms, and reset plugin settings by sending a boolean `true` value for the `id` parameter, which bypasses the authorization check through PHP type juggling.",
"id": "GHSA-2pc4-pm2m-q53r",
"modified": "2026-02-18T12:31:11Z",
"published": "2026-02-18T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14799"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1795"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/mailin/tags/3.2.9/sendinblue.php#L1833"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3448639"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29e5b19-2505-4b02-92c7-071833de6bc2?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.