Common Weakness Enumeration

CWE-704

Allowed-with-Review

Incorrect Type Conversion or Cast

Abstraction: Class · Status: Incomplete

The product does not correctly convert an object, resource, or structure from one type to a different type.

334 vulnerabilities reference this CWE, most recent first.

GHSA-Q4H4-GMJ2-QVW2

Vulnerability from github – Published: 2026-06-25 22:14 – Updated: 2026-07-07 15:22
VLAI
Summary
golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic
Details

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "golang.org/x/crypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.52.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-25T22:14:22Z",
    "nvd_published_at": "2026-05-22T04:16:26Z",
    "severity": "HIGH"
  },
  "details": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
  "id": "GHSA-q4h4-gmj2-qvw2",
  "modified": "2026-07-07T15:22:53Z",
  "published": "2026-06-25T22:14:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597"
    },
    {
      "type": "PACKAGE",
      "url": "https://cs.opensource.google/go/x/crypto"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/cl/781620"
    },
    {
      "type": "WEB",
      "url": "https://go.dev/issue/79561"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-5013"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "golang.org/x/crypto: Invoking byte arithmetic causes underflow and panic"
}

GHSA-Q4WH-V7C9-6WFR

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6060.",
  "id": "GHSA-q4wh-v7c9-6wfr",
  "modified": "2022-05-13T01:34:37Z",
  "published": "2022-05-13T01:34:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14279"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-739"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q5W3-FFHF-J4GQ

Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2025-06-06 15:30
VLAI
Details

An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-41646"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-06T15:15:26Z",
    "severity": "CRITICAL"
  },
  "details": "An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device",
  "id": "GHSA-q5w3-ffhf-j4gq",
  "modified": "2025-06-06T15:30:54Z",
  "published": "2025-06-06T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41646"
    },
    {
      "type": "WEB",
      "url": "https://psirt.kunbus.com/.well-known/csaf/white/2025/kunbus-2025-0000003.json"
    },
    {
      "type": "WEB",
      "url": "https://www.kunbus.com/en/productsecurity/Kunbus-2025-0000003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6J4-3RQW-Q54P

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33
VLAI
Details

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-17913"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-05T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.",
  "id": "GHSA-q6j4-3rqw-q54p",
  "modified": "2022-05-13T01:33:46Z",
  "published": "2022-05-13T01:33:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17913"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7F3-6HM8-23CP

Vulnerability from github – Published: 2022-05-24 17:15 – Updated: 2022-05-24 17:15
VLAI
Details

A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-7081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-17T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.",
  "id": "GHSA-q7f3-6hm8-23cp",
  "modified": "2022-05-24T17:15:45Z",
  "published": "2022-05-24T17:15:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7081"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q948-X8RF-888M

Vulnerability from github – Published: 2021-08-25 20:47 – Updated: 2023-06-13 20:12
VLAI
Summary
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
Details

The Windows implementation of this crate relied on the behavior of std::char::from_u32_unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 (at least), that behavior could change with any new Rust version, possibly leading a security issue.

The flaw was corrected in version 2.0.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "os_str_bytes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:08:17Z",
    "nvd_published_at": "2020-12-31T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Windows implementation of this crate relied on the behavior of std::char::from_u32_unchecked when its safety clause is violated. Even though this worked with Rust versions up to 1.42 (at least), that behavior could change with any new Rust version, possibly leading a security issue.\n\nThe flaw was corrected in version 2.0.0.",
  "id": "GHSA-q948-x8rf-888m",
  "modified": "2023-06-13T20:12:22Z",
  "published": "2021-08-25T20:47:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35865"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dylni/os_str_bytes/pull/1"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dylni/os_str_bytes"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0012.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`"
}

GHSA-QJ3R-X7HH-XQ49

Vulnerability from github – Published: 2022-05-14 01:45 – Updated: 2022-05-14 01:45
VLAI
Details

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-27T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, existing checks in place on partition size are incomplete and can lead to heap overwrite vulnerabilities while loading a secure application from the boot loader.",
  "id": "GHSA-qj3r-x7hh-xq49",
  "modified": "2022-05-14T01:45:55Z",
  "published": "2022-05-14T01:45:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5861"
    },
    {
      "type": "WEB",
      "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=114a392e29bc900c0fe15cc1f3e9ba369cd03244"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QJ93-37F5-MR29

Vulnerability from github – Published: 2022-05-17 00:00 – Updated: 2022-05-26 21:21
VLAI
Summary
Improper Input Validation in IpMatcher
Details

An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.4.1"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "IpMatcher"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-33318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T19:26:55Z",
    "nvd_published_at": "2022-05-16T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.",
  "id": "GHSA-qj93-37f5-mr29",
  "modified": "2022-05-26T21:21:26Z",
  "published": "2022-05-17T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33318"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jchristn/IpMatcher"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jchristn/WatsonWebserver"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kaoudis/advisories/blob/main/0-2021.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Input Validation in IpMatcher"
}

GHSA-QMP6-R3J7-5R4X

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the formNodes method of XFA Node objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5018.",
  "id": "GHSA-qmp6-r3j7-5r4x",
  "modified": "2022-05-13T01:37:36Z",
  "published": "2022-05-13T01:37:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14826"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-17-870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QRPM-P2H7-HRV2

Vulnerability from github – Published: 2022-01-21 23:57 – Updated: 2025-11-04 16:35
VLAI
Summary
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Details

The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nanoid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.1.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23566"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-18T21:54:04Z",
    "nvd_published_at": "2022-01-14T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The package nanoid from 3.0.0, before 3.1.31, are vulnerable to Information Exposure via the valueOf() function which allows to reproduce the last id generated.",
  "id": "GHSA-qrpm-p2h7-hrv2",
  "modified": "2025-11-04T16:35:00Z",
  "published": "2022-01-21T23:57:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ai/nanoid/pull/328"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ai/nanoid"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-NANOID-2332193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in nanoid"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.