Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-3XQP-CQ53-77H7

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2022-10-07 00:00
VLAI
Details

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-16229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-06T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a type confusion condition, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.",
  "id": "GHSA-3xqp-cq53-77h7",
  "modified": "2022-10-07T00:00:40Z",
  "published": "2022-05-24T17:25:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16229"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-954"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3XV5-5R76-45HV

Vulnerability from github – Published: 2025-09-17 21:30 – Updated: 2025-09-17 21:30
VLAI
Details

Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26049.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-7999"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T21:15:41Z",
    "severity": "HIGH"
  },
  "details": "Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26049.",
  "id": "GHSA-3xv5-5r76-45hv",
  "modified": "2025-09-17T21:30:44Z",
  "published": "2025-09-17T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7999"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4297-FX5C-X987

Vulnerability from github – Published: 2023-06-26 21:31 – Updated: 2025-05-05 18:32
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-26T21:15:09Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-4297-fx5c-x987",
  "modified": "2025-05-05T18:32:42Z",
  "published": "2023-06-26T21:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3420"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1452137"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-434X-X8HH-23X9

Vulnerability from github – Published: 2021-12-24 00:01 – Updated: 2021-12-29 00:01
VLAI
Details

Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-38007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-23T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-434x-x8hh-23x9",
  "modified": "2021-12-29T00:01:14Z",
  "published": "2021-12-24T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38007"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1254189"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5046"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4368-3X2V-G4CM

Vulnerability from github – Published: 2022-05-17 00:54 – Updated: 2022-05-17 00:54
VLAI
Details

Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-2882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-07-31T13:20:00Z",
    "severity": "HIGH"
  },
  "details": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\"",
  "id": "GHSA-4368-3x2v-g4cm",
  "modified": "2022-05-17T00:54:38Z",
  "published": "2022-05-17T00:54:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2882"
    },
    {
      "type": "WEB",
      "url": "https://code.google.com/p/chromium/issues/detail?id=260106"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1201.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2013/dsa-2732"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-4385-M364-47G5

Vulnerability from github – Published: 2022-11-02 12:00 – Updated: 2023-01-23 21:30
VLAI
Details

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-32915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-01T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-4385-m364-47g5",
  "modified": "2023-01-23T21:30:25Z",
  "published": "2022-11-02T12:00:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32915"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT213488"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213604"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Jan/20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-43XJ-964V-HCJF

Vulnerability from github – Published: 2022-05-04 00:30 – Updated: 2025-10-22 03:30
VLAI
Details

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-07T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.  NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions.  NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.",
  "id": "GHSA-43xj-964v-hcjf",
  "modified": "2025-10-22T03:30:31Z",
  "published": "2022-05-04T00:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0507"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=788994"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0507"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx"
    },
    {
      "type": "WEB",
      "url": "http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133365109612558\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48589"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48692"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48915"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48948"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48950"
    },
    {
      "type": "WEB",
      "url": "http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2420"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4433-JWM9-48R5

Vulnerability from github – Published: 2024-05-22 18:30 – Updated: 2024-07-03 18:43
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5158"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-4433-jwm9-48r5",
  "modified": "2024-07-03T18:43:14Z",
  "published": "2024-05-22T18:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5158"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/338908243"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KEVD4433KTOCYY6V4I7MMYKQ6URUS4L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX6IYZ6XF7B2WE66NFPNI2NHWJFI6VDF"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45C5-W4J9-W656

Vulnerability from github – Published: 2024-11-20 18:32 – Updated: 2024-11-20 21:30
VLAI
Details

In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-20T18:15:19Z",
    "severity": "CRITICAL"
  },
  "details": "In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-45c5-w4j9-w656",
  "modified": "2024-11-20T21:30:49Z",
  "published": "2024-11-20T18:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9471"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-45PC-7VPJ-9MR4

Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-04T23:16:56Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-45pc-7vpj-9mr4",
  "modified": "2026-06-05T03:31:31Z",
  "published": "2026-06-05T00:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10936"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/502439789"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.