CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-QX2V-2M6G-2VH6
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
{
"affected": [],
"aliases": [
"CVE-2018-8279"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-11T00:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.",
"id": "GHSA-qx2v-2m6g-2vh6",
"modified": "2022-05-13T01:20:44Z",
"published": "2022-05-13T01:20:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8279"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8279"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45214"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104641"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041256"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QX44-X344-88Q4
Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2023-02-16 06:30This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.
{
"affected": [],
"aliases": [
"CVE-2019-13330"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-03T22:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8742.",
"id": "GHSA-qx44-x344-88q4",
"modified": "2023-02-16T06:30:27Z",
"published": "2022-05-24T16:57:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13330"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-853"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXG5-2QFF-P49R
Vulnerability from github – Published: 2021-06-18 19:31 – Updated: 2021-06-18 19:31A type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.
Impact
XSS
Patches
3.2.0
Workarounds
Ensure that the html parameter is a string before calling the function.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "striptags"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32696"
],
"database_specific": {
"cwe_ids": [
"CWE-241",
"CWE-79",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-18T19:31:21Z",
"nvd_published_at": "2021-06-18T20:15:00Z",
"severity": "MODERATE"
},
"details": "A type-confusion vulnerability can cause `striptags` to concatenate unsanitized strings when an array-like object is passed in as the `html` parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.\n\n### Impact\n\nXSS\n\n### Patches\n\n`3.2.0`\n\n### Workarounds\n\nEnsure that the `html` parameter is a string before calling the function.\n",
"id": "GHSA-qxg5-2qff-p49r",
"modified": "2021-06-18T19:31:21Z",
"published": "2021-06-18T19:31:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/security/advisories/GHSA-qxg5-2qff-p49r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32696"
},
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/commit/f252a6b0819499cd65403707ebaf5cc925f2faca"
},
{
"type": "WEB",
"url": "https://github.com/ericnorris/striptags/releases/tag/v3.2.0"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/striptags"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Passing in a non-string \u0027html\u0027 argument can lead to unsanitized output"
}
GHSA-QXR5-2C92-FJ86
Vulnerability from github – Published: 2022-05-14 02:24 – Updated: 2025-04-12 12:58Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019.
{
"affected": [],
"aliases": [
"CVE-2016-1015"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-04-09T01:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified \"type confusion,\" a different vulnerability than CVE-2016-1019.",
"id": "GHSA-qxr5-2c92-fj86",
"modified": "2025-04-12T12:58:16Z",
"published": "2022-05-14T02:24:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1015"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/85930"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035509"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QXRM-24V6-5C8C
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2025-11-25 18:32Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
{
"affected": [],
"aliases": [
"CVE-2019-9813"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-26T17:29:00Z",
"severity": "HIGH"
},
"details": "Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox \u003c 66.0.1, Firefox ESR \u003c 60.6.1, and Thunderbird \u003c 60.6.1.",
"id": "GHSA-qxrm-24v6-5c8c",
"modified": "2025-11-25T18:32:16Z",
"published": "2022-05-24T16:44:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9813"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0966"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1144"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1538006"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-09"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R26P-GH73-QGQ9
Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2025-05-05 18:32A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to struct rds_msg_zcopy_info *info actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
{
"affected": [],
"aliases": [
"CVE-2023-1078"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T21:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.",
"id": "GHSA-r26p-gh73-qgq9",
"modified": "2025-05-05T18:32:36Z",
"published": "2023-03-27T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1078"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230505-0004"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/11/05/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R367-GWGR-RXQ8
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2017-5057"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-27T05:29:00Z",
"severity": "HIGH"
},
"details": "Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.",
"id": "GHSA-r367-gwgr-rxq8",
"modified": "2022-05-13T01:02:37Z",
"published": "2022-05-13T01:02:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5057"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1124"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/695826"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-02"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97939"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038317"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3HQ-4H29-QFQ9
Vulnerability from github – Published: 2023-04-11 18:30 – Updated: 2024-04-04 03:24An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.
{
"affected": [],
"aliases": [
"CVE-2021-46878"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-11T18:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.",
"id": "GHSA-r3hq-4h29-qfq9",
"modified": "2024-04-04T03:24:16Z",
"published": "2023-04-11T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46878"
},
{
"type": "WEB",
"url": "https://github.com/fluent/fluent-bit/pull/3115"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27742"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3PV-9WHV-57XC
Vulnerability from github – Published: 2025-12-02 21:31 – Updated: 2025-12-02 21:31Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-13630"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-02T19:15:46Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-r3pv-9whv-57xc",
"modified": "2025-12-02T21:31:29Z",
"published": "2025-12-02T21:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13630"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/456547591"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3VQ-92C6-3MQF
Vulnerability from github – Published: 2023-02-16 15:30 – Updated: 2023-04-28 22:06Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-vqfx-gj96-3w95. This link is maintained to preserve external references.
Original Description
Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@sequelize/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0-alpha.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-23T16:57:49Z",
"nvd_published_at": "2023-02-16T15:15:00Z",
"severity": "HIGH"
},
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of [GHSA-vqfx-gj96-3w95](https://github.com/advisories/GHSA-vqfx-gj96-3w95). This link is maintained to preserve external references.\n\n## Original Description\nDue to improper parameter filtering in the sequalize js library, can a attacker peform injection.",
"id": "GHSA-r3vq-92c6-3mqf",
"modified": "2023-04-28T22:06:24Z",
"published": "2023-02-16T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2023-22579"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2022-00020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Duplicate advisory: Sequelize - Unsafe fall-through in getWhereConditions",
"withdrawn": "2023-02-23T16:57:49Z"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.