Common Weakness Enumeration
CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
CVE-2026-5946 (GCVE-0-2026-5946)
Vulnerability from cvelistv5 – Published: 2026-05-20 13:10 – Updated: 2026-07-15 00:41
VLAI
EPSS
VEX
Title
Invalid handling of CLASS != IN
Summary
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2026-5946 | vendor-advisory |
| https://downloads.isc.org/isc/bind9/9.18.49 | patch |
| https://downloads.isc.org/isc/bind9/9.20.23 | patch |
| https://downloads.isc.org/isc/bind9/9.21.22 | patch |
| https://access.redhat.com/security/cve/CVE-2026-5946 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2479771 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:24338 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24339 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:23360 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24367 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:24368 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20334 | vendor-advisoryx_refsource_REDHAT |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.11.0 , ≤ 9.16.50
(custom)
Affected: 9.18.0 , ≤ 9.18.48 (custom) Affected: 9.20.0 , ≤ 9.20.22 (custom) Affected: 9.21.0 , ≤ 9.21.21 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.48-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.22-S1 (custom) |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
32:9.18.33-15.el10_2.2 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
32:9.16.23-0.22.el8_10.6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
32:9.11.36-16.el8_10.8 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
32:9.16.23-40.el9_8.2 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
32:9.18.29-14.el9_8.2 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
9.18.49-1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public
2026-05-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T13:40:04.619504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T13:40:20.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"packageName": "bind",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "32:9.18.33-15.el10_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "bind9.16",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "32:9.16.23-0.22.el8_10.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8",
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "bind",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "32:9.11.36-16.el8_10.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "bind",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "32:9.16.23-40.el9_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "bind9.18",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "32:9.18.29-14.el9_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "bind-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9.18.49-1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "bind",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "bind",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "dhcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-21T12:32:55.602Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the bind component, specifically within the `named` daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System (DNS) messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the `named` daemon when processed. Successful exploitation leads to an application level Denial of Service (DoS), making the DNS service unavailable."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:41:53.642Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-5946"
},
{
"name": "RHBZ#2479771",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479771"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5946.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24339"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23360"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24367"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24368"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20334"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24338: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24339: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:23360: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:24367: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:24368: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:20334: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-19T09:57:49.705Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-21T12:32:55.602Z",
"value": "Made public."
}
],
"title": "bind: BIND: Denial of Service via specially crafted DNS messages",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.48",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.22",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.21",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.48-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.22-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.16.50",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.48",
"versionStartIncluding": "9.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.22",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.21",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.16.50-S1",
"versionStartIncluding": "9.11.3-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.48-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.22-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) \u2014 for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths \u2014 recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data \u2014 can cause assertion failures in `named`.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker able to send specially crafted DNS messages to an affected `named` instance can cause it to terminate unexpectedly, resulting in a denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T13:10:03.479Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-5946",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-5946"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.18.49"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.23"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.22"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.49, 9.20.23, 9.21.22, 9.18.49-S1, or 9.20.23-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Invalid handling of CLASS != IN",
"workarounds": [
{
"lang": "en",
"value": "Don\u0027t configure zones other than Internet (`IN`) class. Furthermore, do not expose the server that allows DNS Dynamic Update to the general Internet."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-5946",
"datePublished": "2026-05-20T13:10:03.479Z",
"dateReserved": "2026-04-09T06:40:07.319Z",
"dateUpdated": "2026-07-15T00:41:53.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5496 (GCVE-0-2026-5496)
Vulnerability from cvelistv5 – Published: 2026-04-11 00:13 – Updated: 2026-04-13 18:25
VLAI
EPSS
VEX
Title
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability
Summary
Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Labcenter Electronics | Proteus |
Affected:
8.17 SP5
|
Date Public
2026-04-06 14:14
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T18:25:10.253866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T18:25:22.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Proteus",
"vendor": "Labcenter Electronics",
"versions": [
{
"status": "affected",
"version": "8.17 SP5"
}
]
}
],
"dateAssigned": "2026-04-03T14:34:56.682Z",
"datePublic": "2026-04-06T14:14:16.337Z",
"descriptions": [
{
"lang": "en",
"value": "Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDSPRJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25717."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-11T00:13:14.901Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-26-254",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-26-254/"
}
],
"source": {
"lang": "en",
"value": "Andrea Micalizzi aka rgod (@rgod777)"
},
"title": "Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2026-5496",
"datePublished": "2026-04-11T00:13:14.901Z",
"dateReserved": "2026-04-03T14:34:56.642Z",
"dateUpdated": "2026-04-13T18:25:22.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5360 (GCVE-0-2026-5360)
Vulnerability from cvelistv5 – Published: 2026-04-02 17:00 – Updated: 2026-04-03 19:59 X_Open Source
VLAI
EPSS
VEX
Title
Free5GC aper type confusion
Summary
A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Type Confusion
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354735 | vdb-entry |
| https://vuldb.com/vuln/354735/cti | signaturepermissions-required |
| https://vuldb.com/submit/781573 | third-party-advisory |
| https://github.com/free5gc/free5gc/issues/831 | issue-tracking |
| https://github.com/free5gc/aper/pull/11 | issue-trackingpatch |
| https://github.com/free5gc/free5gc/issues/831#iss… | exploitissue-tracking |
| https://github.com/free5gc/aper/commit/26205eb017… | patch |
| https://github.com/free5gc/free5gc/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T19:59:15.436297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T19:59:25.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:free5gc:free5gc:*:*:*:*:*:*:*:*"
],
"modules": [
"aper"
],
"product": "Free5GC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "shovon0203 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such manipulation leads to type confusion. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 26205eb01705754b7b902ad6c4b613c96c881e29. It is best practice to apply a patch to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "Type Confusion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T17:00:19.072Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354735 | Free5GC aper type confusion",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/354735"
},
{
"name": "VDB-354735 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354735/cti"
},
{
"name": "Submit #781573 | Linux Foundation free5GC 4.2.0 Type Confusion",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/781573"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/831"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/free5gc/aper/pull/11"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/free5gc/free5gc/issues/831#issue-3996453112"
},
{
"tags": [
"patch"
],
"url": "https://github.com/free5gc/aper/commit/26205eb01705754b7b902ad6c4b613c96c881e29"
},
{
"tags": [
"product"
],
"url": "https://github.com/free5gc/free5gc/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T19:21:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "Free5GC aper type confusion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5360",
"datePublished": "2026-04-02T17:00:19.072Z",
"dateReserved": "2026-04-01T17:16:17.906Z",
"dateUpdated": "2026-04-03T19:59:25.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66586 (GCVE-0-2025-66586)
Vulnerability from cvelistv5 – Published: 2025-12-11 20:54 – Updated: 2026-06-04 20:31
VLAI
EPSS
VEX
Title
Type Confusion vulnerability in AzeoTech DAQFactory
Summary
In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AzeoTech | DAQFactory |
Affected:
0 , ≤ Release 20.7 (Build 2555)
(custom)
Unaffected: Release 21.1 |
Date Public
2025-12-30 21:31
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:30:20.298251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:34:01.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DAQFactory",
"vendor": "AzeoTech",
"versions": [
{
"lessThanOrEqual": "Release 20.7 (Build 2555)",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "Release 21.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rocco Calvi with TecSecurity of Trend Zero Day Initiative"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi of Trend Zero Day Initiative"
}
],
"datePublic": "2025-12-30T21:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eIn AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process.\u003c/p\u003e\u003cbr\u003e\n\n\u003cbr\u003e"
}
],
"value": "In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute code in the context of the current process."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T20:31:21.501Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-345-03"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-345-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAzeoTech has released the following update that addresses these issues:\u003c/p\u003e\u003cul\u003e\u003cli\u003eDAQFactory: Release 21.1\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAzeoTech also recommends users take the following actions to reduce the risk:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers are discouraged from using documents from unknown/untrusted sources.\u003c/li\u003e\u003cli\u003eUsers are encouraged to store .ctl files in a folder only writeable by admin-level users.\u003c/li\u003e\u003cli\u003eUsers are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\u003c/li\u003e\u003cli\u003eUsers are encouraged to apply a document editing password to their documents.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AzeoTech has released the following update that addresses these issues:\n\n * DAQFactory: Release 21.1\n\n\nAzeoTech also recommends users take the following actions to reduce the risk:\n\n * Users are discouraged from using documents from unknown/untrusted sources.\n * Users are encouraged to store .ctl files in a folder only writeable by admin-level users.\n * Users are encouraged to operate in \u201cSafe Mode\u201d when loading documents that have been out of their control.\n * Users are encouraged to apply a document editing password to their documents."
}
],
"source": {
"advisory": "ICSA-25-345-03",
"discovery": "EXTERNAL"
},
"title": "Type Confusion vulnerability in AzeoTech DAQFactory",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-66586",
"datePublished": "2025-12-11T20:54:38.739Z",
"dateReserved": "2025-12-04T21:11:02.201Z",
"dateUpdated": "2026-06-04T20:31:21.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66342 (GCVE-0-2025-66342)
Vulnerability from cvelistv5 – Published: 2026-03-17 18:52 – Updated: 2026-03-18 17:00
VLAI
EPSS
VEX
Summary
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T19:58:21.370395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T19:58:50.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-17T20:11:34.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Affinity",
"vendor": "Canva",
"versions": [
{
"status": "affected",
"version": "3.0.1.3808"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by KPC of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T17:00:08.764Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297"
},
{
"name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62",
"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2025-66342",
"datePublished": "2026-03-17T18:52:52.871Z",
"dateReserved": "2025-12-05T12:07:22.387Z",
"dateUpdated": "2026-03-18T17:00:08.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65080 (GCVE-0-2025-65080)
Vulnerability from cvelistv5 – Published: 2026-02-03 20:35 – Updated: 2026-02-26 15:04
VLAI
EPSS
VEX
Title
Type confusion vulnerability in Postscript interpreter
Summary
A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lexmark | MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ |
Affected:
0 , < 250.210
(custom)
|
|
| Lexmark | CSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG |
Affected:
0 , < 230.506
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T04:56:07.187232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:24.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ",
"vendor": "Lexmark",
"versions": [
{
"lessThan": "250.210",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CSTAT, CXTAT, MSLBD, MXLBD, CSLBL, CXLBL, CSLBN, CXLBN, CSTMH, CXTMH, CSTPP, CXTPP, MSLSG, MXLSG",
"vendor": "Lexmark",
"versions": [
{
"lessThan": "230.506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."
}
],
"value": "A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory.\n\n\u003cbr\u003e"
}
],
"value": "Lexmark is not aware of any malicious use against Lexmark products of the vulnerability described in this advisory."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T20:35:54.592Z",
"orgId": "7bc73191-a2b6-4c63-9918-753964601853",
"shortName": "Lexmark"
},
"references": [
{
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Type confusion vulnerability in Postscript interpreter",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lexmark recommends a firmware update if your device has affected firmware.\n\n\u003cbr\u003e"
}
],
"value": "Lexmark recommends a firmware update if your device has affected firmware."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7bc73191-a2b6-4c63-9918-753964601853",
"assignerShortName": "Lexmark",
"cveId": "CVE-2025-65080",
"datePublished": "2026-02-03T20:35:54.592Z",
"dateReserved": "2025-11-17T13:56:38.589Z",
"dateUpdated": "2026-02-26T15:04:24.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64314 (GCVE-0-2025-64314)
Vulnerability from cvelistv5 – Published: 2025-11-28 02:26 – Updated: 2025-11-28 15:16
VLAI
EPSS
VEX
Summary
Permission control vulnerability in the memory management module.
Impact: Successful exploitation of this vulnerability may affect confidentiality.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:15:58.317684Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:16:05.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Permission control vulnerability in the memory management module.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect confidentiality."
}
],
"value": "Permission control vulnerability in the memory management module.\nImpact: Successful exploitation of this vulnerability may affect confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T02:26:24.750Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/cn/support/bulletinlaptops/2025/11/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-64314",
"datePublished": "2025-11-28T02:26:24.750Z",
"dateReserved": "2025-10-30T02:00:28.698Z",
"dateUpdated": "2025-11-28T15:16:05.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62554 (GCVE-0-2025-62554)
Vulnerability from cvelistv5 – Published: 2025-12-09 17:55 – Updated: 2026-04-16 14:18
VLAI
EPSS
VEX
Title
Microsoft Office Remote Code Execution Vulnerability
Summary
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office 2016 |
Affected:
16.0.0 , < 16.0.5530.1001
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office for Android |
Affected:
16.0.1 , < 16.0.19530.20000
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2021 |
Affected:
16.0.1 , < 16.104.25121423
(custom)
|
|
| Microsoft | Microsoft Office LTSC for Mac 2024 |
Affected:
16.0.0 , < 16.104.25121423
(custom)
|
Date Public
2025-12-09 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:56:34.398500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:12.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5530.1001",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19530.20000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.104.25121423",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Office LTSC for Mac 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.104.25121423",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
"versionEndExcluding": "16.0.19530.20000",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2021:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.104.25121423",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_macos_2024:*:*:*:*:*:long_term_servicing_channel:*:*",
"versionEndExcluding": "16.104.25121423",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2016:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "16.0.5530.1001",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-12-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:18:51.572Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Office Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62554"
}
],
"title": "Microsoft Office Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62554",
"datePublished": "2025-12-09T17:55:56.579Z",
"dateReserved": "2025-10-15T17:11:21.220Z",
"dateUpdated": "2026-04-16T14:18:51.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62518 (GCVE-0-2025-62518)
Vulnerability from cvelistv5 – Published: 2025-10-21 16:13 – Updated: 2025-10-22 13:23
VLAI
EPSS
VEX
Title
astral-tokio-tar Vulnerable to PAX Header Desynchronization
Summary
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/astral-sh/tokio-tar/security/a… | x_refsource_CONFIRM |
| https://github.com/astral-sh/uv/security/advisori… | x_refsource_MISC |
| https://github.com/astral-sh/tokio-tar/commit/22b… | x_refsource_MISC |
| https://edera.dev/stories/tarmageddon | x_refsource_MISC |
| https://github.com/edera-dev/cve-tarmageddon | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62518",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:18:16.414919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:23:33.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tokio-tar",
"vendor": "astral-sh",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T16:13:02.646Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx"
},
{
"name": "https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9"
},
{
"name": "https://github.com/astral-sh/tokio-tar/commit/22b3f884adb7a2adf1d3a8d03469533f5cbc8318",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/astral-sh/tokio-tar/commit/22b3f884adb7a2adf1d3a8d03469533f5cbc8318"
},
{
"name": "https://edera.dev/stories/tarmageddon",
"tags": [
"x_refsource_MISC"
],
"url": "https://edera.dev/stories/tarmageddon"
},
{
"name": "https://github.com/edera-dev/cve-tarmageddon",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/edera-dev/cve-tarmageddon"
}
],
"source": {
"advisory": "GHSA-j5gw-2vrg-8fgx",
"discovery": "UNKNOWN"
},
"title": "astral-tokio-tar Vulnerable to PAX Header Desynchronization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62518",
"datePublished": "2025-10-21T16:13:02.646Z",
"dateReserved": "2025-10-15T15:03:28.134Z",
"dateUpdated": "2025-10-22T13:23:33.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-61911 (GCVE-0-2025-61911)
Vulnerability from cvelistv5 – Published: 2025-10-10 22:02 – Updated: 2025-10-14 14:57
VLAI
EPSS
VEX
Title
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
Summary
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/python-ldap/python-ldap/securi… | x_refsource_CONFIRM |
| https://github.com/python-ldap/python-ldap/commit… | x_refsource_MISC |
| https://github.com/python-ldap/python-ldap/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| python-ldap | python-ldap |
Affected:
< 3.4.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61911",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T14:57:26.403796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T14:57:34.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-ldap",
"vendor": "python-ldap",
"versions": [
{
"status": "affected",
"version": "\u003c 3.4.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-75",
"description": "CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T22:02:15.529Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r7r6-cc7p-4v5m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r7r6-cc7p-4v5m"
},
{
"name": "https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a"
},
{
"name": "https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.5"
}
],
"source": {
"advisory": "GHSA-r7r6-cc7p-4v5m",
"discovery": "UNKNOWN"
},
"title": "python-ldap has sanitization bypass in ldap.filter.escape_filter_chars"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61911",
"datePublished": "2025-10-10T22:02:15.529Z",
"dateReserved": "2025-10-03T22:21:59.614Z",
"dateUpdated": "2025-10-14T14:57:34.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.