CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-RQPR-XFVF-QR4V
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).
{
"affected": [],
"aliases": [
"CVE-2019-10231"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Teclib GLPI before 9.4.1.1 is affected by a PHP type juggling vulnerability allowing bypass of authentication. This occurs in Auth::checkPassword() (inc/auth.class.php).",
"id": "GHSA-rqpr-xfvf-qr4v",
"modified": "2022-05-13T01:21:43Z",
"published": "2022-05-13T01:21:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10231"
},
{
"type": "WEB",
"url": "https://github.com/glpi-project/glpi/pull/5520"
},
{
"type": "WEB",
"url": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RRG9-J69G-XFM7
Vulnerability from github – Published: 2025-01-28 00:32 – Updated: 2025-11-03 21:32A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2025-24137"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-27T22:15:18Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.",
"id": "GHSA-rrg9-j69g-xfm7",
"modified": "2025-11-03T21:32:28Z",
"published": "2025-01-28T00:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24137"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122066"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122067"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122068"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122069"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122071"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122072"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122073"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/13"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/14"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/15"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/16"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/18"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Jan/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RRR3-5825-8CG8
Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 03:31Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-14431"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T23:16:51Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-rrr3-5825-8cg8",
"modified": "2026-07-02T03:31:27Z",
"published": "2026-07-02T00:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14431"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/523884658"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RRV6-26R4-H5PJ
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2022-09-28 00:00A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
{
"affected": [],
"aliases": [
"CVE-2022-32814"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T20:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.",
"id": "GHSA-rrv6-26r4-h5pj",
"modified": "2022-09-28T00:00:25Z",
"published": "2022-09-25T00:00:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32814"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213340"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213342"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213345"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213346"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213344"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RX33-R3JC-7M3X
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2021-30818"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T19:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-rx33-r3jc-7m3x",
"modified": "2022-05-24T19:19:02Z",
"published": "2022-05-24T19:19:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30818"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212807"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212814"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212815"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212816"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212819"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212869"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/6"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RXX5-WMPW-CGMP
Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2022-11-09 19:02Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
{
"affected": [],
"aliases": [
"CVE-2022-3889"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T04:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)",
"id": "GHSA-rxx5-wmpw-cgmp",
"modified": "2022-11-09T19:02:22Z",
"published": "2022-11-09T12:00:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3889"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1380063"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RXXM-P26X-J53P
Vulnerability from github – Published: 2026-05-29 00:38 – Updated: 2026-05-29 12:31Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-10022"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T23:16:44Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)",
"id": "GHSA-rxxm-p26x-j53p",
"modified": "2026-05-29T12:31:24Z",
"published": "2026-05-29T00:38:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10022"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0877304591.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513289241"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V2P5-Q653-9J99
Vulnerability from github – Published: 2025-05-02 21:30 – Updated: 2025-05-05 17:25In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "obfstr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-58253"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-05T17:25:08Z",
"nvd_published_at": "2025-05-02T20:15:19Z",
"severity": "LOW"
},
"details": "In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string slices, leading to invalid UTF-8 conversion that produces an invalid value.",
"id": "GHSA-v2p5-q653-9j99",
"modified": "2025-05-05T17:25:08Z",
"published": "2025-05-02T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58253"
},
{
"type": "WEB",
"url": "https://github.com/CasualX/obfstr/issues/60"
},
{
"type": "PACKAGE",
"url": "https://github.com/CasualX/obfstr"
},
{
"type": "WEB",
"url": "https://github.com/CasualX/obfstr/compare/v0.4.3...v0.4.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "obfstr Type Confusion vulnerability"
}
GHSA-V38R-CMM6-V8C3
Vulnerability from github – Published: 2024-11-19 21:31 – Updated: 2024-11-20 18:32In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2018-9339"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T19:15:05Z",
"severity": "HIGH"
},
"details": "In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-v38r-cmm6-v8c3",
"modified": "2024-11-20T18:32:16Z",
"published": "2024-11-19T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9339"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V39P-96QG-C8RF
Vulnerability from github – Published: 2021-09-01 18:37 – Updated: 2023-09-08 21:25This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "object-path"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23434"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-30T18:16:08Z",
"nvd_published_at": "2021-08-27T17:15:00Z",
"severity": "MODERATE"
},
"details": "This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition `currentPath === \u0027__proto__\u0027` returns false if `currentPath` is `[\u0027__proto__\u0027]`. This is because the `===` operator returns always false when the type of the operands is different.",
"id": "GHSA-v39p-96qg-c8rf",
"modified": "2023-09-08T21:25:42Z",
"published": "2021-09-01T18:37:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23434"
},
{
"type": "WEB",
"url": "https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb"
},
{
"type": "PACKAGE",
"url": "https://github.com/mariocasciaro/object-path"
},
{
"type": "WEB",
"url": "https://github.com/mariocasciaro/object-path#0116"
},
{
"type": "WEB",
"url": "https://github.com/mariocasciaro/object-path%230116"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00031.html"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1570423"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in object-path"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.