Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-CWFF-VVRC-985J

Vulnerability from github – Published: 2025-11-18 00:30 – Updated: 2025-11-18 03:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T00:15:47Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-cwff-vvrc-985j",
  "modified": "2025-11-18T03:31:14Z",
  "published": "2025-11-18T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13227"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/446122633"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWR3-4FC3-J8H8

Vulnerability from github – Published: 2024-09-17 21:30 – Updated: 2024-09-18 18:30
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T21:15:12Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-cwr3-4fc3-j8h8",
  "modified": "2024-09-18T18:30:51Z",
  "published": "2024-09-17T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8904"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/365376497"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWWW-4CWR-37PH

Vulnerability from github – Published: 2022-05-24 17:25 – Updated: 2023-02-03 00:30
VLAI
Details

JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-15656"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-10T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR \u003c 78.1, Firefox \u003c 79, and Thunderbird \u003c 78.1.",
  "id": "GHSA-cwww-4cwr-37ph",
  "modified": "2023-02-03T00:30:18Z",
  "published": "2022-05-24T17:25:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15656"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1647293"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4443-1"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-32"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-33"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CX9J-4FC4-GGQG

Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54
VLAI
Details

Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7972"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-26T18:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-cx9j-4fc4-ggqg",
  "modified": "2022-05-24T16:54:49Z",
  "published": "2022-05-24T16:54:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7972"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CXMW-4JM5-5GX9

Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI
Details

Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-18T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Telegram Android \u003c7.1.0 (2090), Telegram iOS \u003c7.1, and Telegram macOS \u003c7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker.",
  "id": "GHSA-cxmw-4jm5-5gx9",
  "modified": "2022-05-24T19:02:40Z",
  "published": "2022-05-24T19:02:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31318"
    },
    {
      "type": "WEB",
      "url": "https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion"
    },
    {
      "type": "WEB",
      "url": "https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CXR8-69XQ-5R5P

Vulnerability from github – Published: 2024-06-11 21:32 – Updated: 2024-06-20 15:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-11T21:15:54Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-cxr8-69xq-5r5p",
  "modified": "2024-06-20T15:31:11Z",
  "published": "2024-06-11T21:32:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5833"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/342602616"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F35R-MCW4-GG3W

Vulnerability from github – Published: 2023-06-13 18:30 – Updated: 2025-05-05 18:32
VLAI
Details

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3216"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-13T18:15:22Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-f35r-mcw4-gg3w",
  "modified": "2025-05-05T18:32:42Z",
  "published": "2023-06-13T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3216"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1450114"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5428"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F3PP-32QC-36W4

Vulnerability from github – Published: 2021-09-22 20:36 – Updated: 2021-09-22 14:30
VLAI
Summary
Prototype Pollution in jointjs
Details

This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "jointjs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23444"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-22T14:30:35Z",
    "nvd_published_at": "2021-09-21T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.",
  "id": "GHSA-f3pp-32qc-36w4",
  "modified": "2021-09-22T14:30:35Z",
  "published": "2021-09-22T20:36:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/clientIO/joint/pull/1514"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/clientIO/joint"
    },
    {
      "type": "WEB",
      "url": "https://github.com/clientIO/joint/releases/tag/v3.4.2"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1655817"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1655816"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1579578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Prototype Pollution in jointjs"
}

GHSA-F3WV-RX3X-V6FH

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2025-10-22 00:32
VLAI
Details

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27932"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-08T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-f3wv-rx3x-v6fh",
  "modified": "2025-10-22T00:32:01Z",
  "published": "2022-05-24T17:35:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27932"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211928"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211929"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211931"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211940"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211944"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211945"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211946"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT211947"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-27932"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161295/XNU-Kernel-Turnstiles-Type-Confusion.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Dec/32"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F464-84Q7-49HM

Vulnerability from github – Published: 2023-10-19 18:30 – Updated: 2024-04-04 08:48
VLAI
Details

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-19T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.",
  "id": "GHSA-f464-84q7-49hm",
  "modified": "2024-04-04T08:48:37Z",
  "published": "2023-10-19T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38128"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN28846531/index.html"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.