CWE-704
Allowed-with-ReviewIncorrect Type Conversion or Cast
Abstraction: Class · Status: Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
334 vulnerabilities reference this CWE, most recent first.
GHSA-46C5-PFJ8-FV65
Vulnerability from github – Published: 2022-03-18 22:36 – Updated: 2025-12-26 17:29Impact
Due to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item's NBT, which TypeConverter then blindly uses as if it was valid without being checked.
When this invalid metadata value reaches Durable->setDamage(), an exception is thrown because the metadata is not within the expected range for damage values.
This can be reproduced with either a too-large damage value, or a negative one.
Patches
c8e1cfcbee4945fd4b63d2a7e96025c59744d4f1
Workarounds
In theory this can be checked by plugins using a custom TypeConverter, but this is likely to be very cumbersome.
For more information
- Email us at team@pmmp.io
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pocketmine/pocketmine-mp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-18T22:36:03Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Impact\nDue to a workaround applied in 1.13, an attacker may send a negative damage/meta value in a tool or armour item\u0027s NBT, which `TypeConverter` then blindly uses as if it was valid without being checked.\n\nWhen this invalid metadata value reaches `Durable-\u003esetDamage()`, an exception is thrown because the metadata is not within the expected range for damage values.\n\nThis can be reproduced with either a too-large damage value, or a negative one.\n\n### Patches\nc8e1cfcbee4945fd4b63d2a7e96025c59744d4f1\n\n### Workarounds\nIn theory this can be checked by plugins using a custom `TypeConverter`, but this is likely to be very cumbersome.\n\n### For more information\n* Email us at [team@pmmp.io](mailto:team@pmmp.io)",
"id": "GHSA-46c5-pfj8-fv65",
"modified": "2025-12-26T17:29:39Z",
"published": "2022-03-18T22:36:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pmmp/PocketMine-MP/security/advisories/GHSA-46c5-pfj8-fv65"
},
{
"type": "WEB",
"url": "https://github.com/pmmp/PocketMine-MP/commit/c8e1cfcbee4945fd4b63d2a7e96025c59744d4f1"
},
{
"type": "PACKAGE",
"url": "https://github.com/pmmp/PocketMine-MP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improperly checked metadata on tools/armour itemstacks received from the client"
}
GHSA-47X2-VR4F-J64C
Vulnerability from github – Published: 2022-05-17 00:15 – Updated: 2022-05-17 00:15An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.
{
"affected": [],
"aliases": [
"CVE-2017-16379"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-09T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a type confusion overflow vulnerability in the graphics rendering engine.",
"id": "GHSA-47x2-vr4f-j64c",
"modified": "2022-05-17T00:15:05Z",
"published": "2022-05-17T00:15:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16379"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101815"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-488P-W8X3-XH6M
Vulnerability from github – Published: 2023-03-20 21:30 – Updated: 2023-03-23 21:30An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-43663"
],
"database_specific": {
"cwe_ids": [
"CWE-195",
"CWE-681",
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-20T21:15:00Z",
"severity": "CRITICAL"
},
"details": "An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.",
"id": "GHSA-488p-w8x3-xh6m",
"modified": "2023-03-23T21:30:20Z",
"published": "2023-03-20T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43663"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1674"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4HG4-233M-6GXV
Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-12793"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-4hg4-233m-6gxv",
"modified": "2022-05-14T00:53:17Z",
"published": "2022-05-14T00:53:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12793"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104701"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4Q76-Q6W7-7FW8
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013.
{
"affected": [],
"aliases": [
"CVE-2018-14250"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013.",
"id": "GHSA-4q76-q6w7-7fw8",
"modified": "2022-05-13T01:34:40Z",
"published": "2022-05-13T01:34:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14250"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-710"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4Q8R-JQ54-3G3M
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029.
{
"affected": [],
"aliases": [
"CVE-2018-14266"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T20:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6029.",
"id": "GHSA-4q8r-jq54-3g3m",
"modified": "2022-05-13T01:34:38Z",
"published": "2022-05-13T01:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14266"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-726"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4R75-VJ28-W5C7
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2022-07-02 00:00A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
{
"affected": [],
"aliases": [
"CVE-2021-3578"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-16T19:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.",
"id": "GHSA-4r75-vj28-w5c7",
"modified": "2022-07-02T00:00:25Z",
"published": "2022-02-17T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3578"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967397"
},
{
"type": "WEB",
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPIDLIJKNRJHUVBCL7QGAPAAVPIHQGXK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U75UFEWRAZYKVL5NHMPBUOLWN3WXTOEI"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-15"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/06/07/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/06/07/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-4RP9-CVV6-V7V9
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.
{
"affected": [],
"aliases": [
"CVE-2011-1441"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-05-03T22:55:00Z",
"severity": "MODERATE"
},
"details": "Google Chrome before 11.0.696.57 does not properly perform a cast of an unspecified variable during handling of floating select lists, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted HTML document.",
"id": "GHSA-4rp9-cvv6-v7v9",
"modified": "2022-05-13T01:26:18Z",
"published": "2022-05-13T01:26:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1441"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67148"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14646"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=75347"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-4X52-G43X-CFXM
Vulnerability from github – Published: 2026-02-10 21:31 – Updated: 2026-02-10 21:31An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
{
"affected": [],
"aliases": [
"CVE-2026-25613"
],
"database_specific": {
"cwe_ids": [
"CWE-704"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T19:16:04Z",
"severity": "HIGH"
},
"details": "An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.",
"id": "GHSA-4x52-g43x-cfxm",
"modified": "2026-02-10T21:31:30Z",
"published": "2026-02-10T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25613"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-113685"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-4X64-W698-XF5G
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:30While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
{
"affected": [],
"aliases": [
"CVE-2023-28162"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:12Z",
"severity": "HIGH"
},
"details": "While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9.",
"id": "GHSA-4x64-w698-xf5g",
"modified": "2024-04-04T04:30:29Z",
"published": "2023-06-02T18:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28162"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811327"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-09"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.