Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-5883-CQ6H-C598

Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28
VLAI
Details

Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15965"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
  "id": "GHSA-5883-cq6h-c598",
  "modified": "2022-05-24T17:28:57Z",
  "published": "2022-05-24T17:28:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15965"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1126249"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202009-13"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202101-30"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4824"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-596G-2P2M-3392

Vulnerability from github – Published: 2023-11-06 06:30 – Updated: 2023-11-13 21:30
VLAI
Details

In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32834"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-06T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.",
  "id": "GHSA-596g-2p2m-3392",
  "modified": "2023-11-13T21:30:57Z",
  "published": "2023-11-06T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32834"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59J5-R3PJ-3Q9P

Vulnerability from github – Published: 2024-05-07 21:31 – Updated: 2024-07-03 18:39
VLAI
Details

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T21:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-59j5-r3pj-3q9p",
  "modified": "2024-07-03T18:39:46Z",
  "published": "2024-05-07T21:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0042"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2024-04-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-59WC-XC28-QHHH

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-05T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",
  "id": "GHSA-59wc-xc28-qhhh",
  "modified": "2022-05-13T01:22:38Z",
  "published": "2022-05-13T01:22:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6215"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201903-12"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209443"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209447"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209449"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209450"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT209451"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3889-1"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/46448"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5C4V-W575-7M4R

Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05
VLAI
Details

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6992"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-13T20:00:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"",
  "id": "GHSA-5c4v-w575-7m4r",
  "modified": "2022-05-13T01:05:53Z",
  "published": "2022-05-13T01:05:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6992"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-10"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93488"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036985"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5CCQ-3H49-VJP2

Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2023-11-25 12:30
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-30T22:15:10Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-5ccq-3h49-vjp2",
  "modified": "2023-11-25T12:30:22Z",
  "published": "2023-05-31T00:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2935"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1440695"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5418"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5CMW-FHQ9-8FHH

Vulnerability from github – Published: 2022-04-01 00:00 – Updated: 2022-04-12 18:10
VLAI
Summary
Type Confusion in LiveHelperChat
Details

Live Helper Chat provides live support for your website. Loose comparison causes IDOR on multiple endpoints in LiveHelperChat prior to 3.96. There is a fix released in versions 3.96 and 3.97. Currently, there is no known workaround.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "remdex/livehelperchat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.96"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T19:41:31Z",
    "nvd_published_at": "2022-03-31T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "Live Helper Chat provides live support for your website. Loose comparison causes IDOR on multiple endpoints in LiveHelperChat prior to 3.96. There is a fix released in versions 3.96 and 3.97. Currently, there is no known workaround.",
  "id": "GHSA-5cmw-fhq9-8fhh",
  "modified": "2022-04-12T18:10:00Z",
  "published": "2022-04-01T00:00:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1176"
    },
    {
      "type": "WEB",
      "url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/livehelperchat/livehelperchat"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Type Confusion in LiveHelperChat"
}

GHSA-5CXQ-3W6R-VJ7G

Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30
VLAI
Details

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30310"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T17:15:59Z",
    "severity": "HIGH"
  },
  "details": "Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-5cxq-3w6r-vj7g",
  "modified": "2025-05-13T18:30:55Z",
  "published": "2025-05-13T18:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30310"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/dreamweaver/apsb25-35.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5F38-9JW2-6R6H

Vulnerability from github – Published: 2021-10-12 16:22 – Updated: 2022-05-04 03:42
VLAI
Summary
Cross-site Scripting in teddy
Details

Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "teddy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-08T21:52:26Z",
    "nvd_published_at": "2021-10-07T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).",
  "id": "GHSA-5f38-9jw2-6r6h",
  "modified": "2022-05-04T03:42:48Z",
  "published": "2021-10-12T16:22:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rooseveltframework/teddy/pull/518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rooseveltframework/teddy/commit/64c556717b4879bf8d4c30067cf6e70d899a3dc0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rooseveltframework/teddy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rooseveltframework/teddy/releases/tag/0.5.9"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-TEDDY-1579557"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting in teddy"
}

GHSA-5F7P-5PW7-8J36

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-22882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-13T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.",
  "id": "GHSA-5f7p-5pw7-8j36",
  "modified": "2022-05-24T19:07:35Z",
  "published": "2022-05-24T19:07:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22882"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Moddable-OpenSource/moddable/issues/351"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.