CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-P92X-R36W-9395
Vulnerability from github – Published: 2021-09-02 22:02 – Updated: 2023-09-07 18:41This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "mpath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23438"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-02T17:06:28Z",
"nvd_published_at": "2021-09-01T19:15:00Z",
"severity": "MODERATE"
},
"details": "This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition `ignoreProperties.indexOf(parts[i]) !== -1` returns `-1` if `parts[i]` is `[\u0027__proto__\u0027]`. This is because the method that has been called if the input is an array is `Array.prototype.indexOf()` and not `String.prototype.indexOf()`. They behave differently depending on the type of the input.",
"id": "GHSA-p92x-r36w-9395",
"modified": "2023-09-07T18:41:16Z",
"published": "2021-09-02T22:02:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23438"
},
{
"type": "WEB",
"url": "https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc"
},
{
"type": "WEB",
"url": "https://github.com/mongoosejs/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc"
},
{
"type": "PACKAGE",
"url": "https://github.com/aheckmann/mpath"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1579548"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-MPATH-1577289"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Type confusion in mpath"
}
GHSA-PC78-JP75-W4GW
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2021-27038"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-09T15:15:00Z",
"severity": "HIGH"
},
"details": "A Type Confusion vulnerability in Autodesk 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code.",
"id": "GHSA-pc78-jp75-w4gw",
"modified": "2022-05-24T19:07:21Z",
"published": "2022-05-24T19:07:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27038"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PCC6-9JM9-HFP4
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-05-24 17:08Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2020-3757"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-13T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-pcc6-9jm9-hfp4",
"modified": "2022-05-24T17:08:59Z",
"published": "2022-05-24T17:08:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0513"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb20-06.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-61"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PF6X-CJMP-QQQQ
Vulnerability from github – Published: 2025-08-22 21:31 – Updated: 2025-08-22 21:31Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.
{
"affected": [],
"aliases": [
"CVE-2025-26496"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-22T21:15:31Z",
"severity": "CRITICAL"
},
"details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion.This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19.",
"id": "GHSA-pf6x-cjmp-qqqq",
"modified": "2025-08-22T21:31:16Z",
"published": "2025-08-22T21:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26496"
},
{
"type": "WEB",
"url": "https://help.salesforce.com/s/articleView?id=005132575\u0026type=1"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1364"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PFFH-VP29-72W3
Vulnerability from github – Published: 2024-12-30 21:30 – Updated: 2024-12-30 21:30Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847.
{
"affected": [],
"aliases": [
"CVE-2024-13049"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-30T21:15:07Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847.",
"id": "GHSA-pffh-vp29-72w3",
"modified": "2024-12-30T21:30:47Z",
"published": "2024-12-30T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13049"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1733"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PFV3-RMQ3-8HRQ
Vulnerability from github – Published: 2025-03-23 18:30 – Updated: 2025-03-23 18:30No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-29806"
],
"database_specific": {
"cwe_ids": [
"CWE-843",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-23T17:15:29Z",
"severity": "MODERATE"
},
"details": "No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-pfv3-rmq3-8hrq",
"modified": "2025-03-23T18:30:28Z",
"published": "2025-03-23T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29806"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PFX2-9X9M-7GHX
Vulnerability from github – Published: 2026-04-14 21:31 – Updated: 2026-04-16 01:20In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g., "FALSE") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "keystone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "28.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40683"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T01:20:22Z",
"nvd_published_at": "2026-04-14T20:16:48Z",
"severity": "HIGH"
},
"details": "In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g., \"FALSE\") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected.",
"id": "GHSA-pfx2-9x9m-7ghx",
"modified": "2026-04-16T01:20:22Z",
"published": "2026-04-14T21:31:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40683"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/keystone/+bug/2121152"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/keystone/+bug/2141713"
},
{
"type": "PACKAGE",
"url": "https://github.com/openstack/keystone"
},
{
"type": "WEB",
"url": "https://review.opendev.org/958205"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/04/14/9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean"
}
GHSA-PGCQ-8HV5-FRGJ
Vulnerability from github – Published: 2026-04-22 15:31 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
team: fix header_ops type confusion with non-Ethernet ports
Similar to commit 950803f72547 ("bonding: fix type confusion in bond_setup_by_slave()") team has the same class of header_ops type confusion.
For non-Ethernet ports, team_setup_by_port() copies port_dev->header_ops directly. When the team device later calls dev_hard_header() or dev_parse_header(), these callbacks can run with the team net_device instead of the real lower device, so netdev_priv(dev) is interpreted as the wrong private type and can crash.
The syzbot report shows a crash in bond_header_create(), but the root cause is in team: the topology is gre -> bond -> team, and team calls the inherited header_ops with its own net_device instead of the lower device, so bond_header_create() receives a team device and interprets netdev_priv() as bonding private data, causing a type confusion crash.
Fix this by introducing team header_ops wrappers for create/parse, selecting a team port under RCU, and calling the lower device callbacks with port->dev, so each callback always sees the correct net_device context.
Also pass the selected lower device to the lower parse callback, so recursion is bounded in stacked non-Ethernet topologies and parse callbacks always run with the correct device context.
{
"affected": [],
"aliases": [
"CVE-2026-31502"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T14:16:48Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix header_ops type confusion with non-Ethernet ports\n\nSimilar to commit 950803f72547 (\"bonding: fix type confusion in\nbond_setup_by_slave()\") team has the same class of header_ops type\nconfusion.\n\nFor non-Ethernet ports, team_setup_by_port() copies port_dev-\u003eheader_ops\ndirectly. When the team device later calls dev_hard_header() or\ndev_parse_header(), these callbacks can run with the team net_device\ninstead of the real lower device, so netdev_priv(dev) is interpreted as\nthe wrong private type and can crash.\n\nThe syzbot report shows a crash in bond_header_create(), but the root\ncause is in team: the topology is gre -\u003e bond -\u003e team, and team calls\nthe inherited header_ops with its own net_device instead of the lower\ndevice, so bond_header_create() receives a team device and interprets\nnetdev_priv() as bonding private data, causing a type confusion crash.\n\nFix this by introducing team header_ops wrappers for create/parse,\nselecting a team port under RCU, and calling the lower device callbacks\nwith port-\u003edev, so each callback always sees the correct net_device\ncontext.\n\nAlso pass the selected lower device to the lower parse callback, so\nrecursion is bounded in stacked non-Ethernet topologies and parse\ncallbacks always run with the correct device context.",
"id": "GHSA-pgcq-8hv5-frgj",
"modified": "2026-04-27T15:30:39Z",
"published": "2026-04-22T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31502"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0a7468ed49a6b65d34abcc6eb60e15f7f6d34da0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20491d384d973a63fbdaf7a71e38d69b0659ea55"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/425000dbf17373a4ab8be9428f5dc055ef870a56"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d3161fa3eee64d46b766fb0db33ec7f300ef52d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PMC4-H8JW-3HC9
Vulnerability from github – Published: 2024-08-29 00:31 – Updated: 2024-08-29 21:31Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-8194"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-28T23:15:06Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-pmc4-h8jw-3hc9",
"modified": "2024-08-29T21:31:03Z",
"published": "2024-08-29T00:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8194"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/360533914"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PMJJ-2M89-X72G
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21230"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-30T21:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-pmjj-2m89-x72g",
"modified": "2022-05-24T17:49:22Z",
"published": "2022-05-24T17:49:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21230"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1198705"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4911"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.