Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-R826-PH6F-65W5

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-13T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-r826-ph6f-65w5",
  "modified": "2022-05-24T17:14:04Z",
  "published": "2022-05-24T17:14:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6430"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1031479"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R8JG-664J-5XQF

Vulnerability from github – Published: 2023-02-06 21:30 – Updated: 2023-02-14 18:30
VLAI
Details

In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-06T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.",
  "id": "GHSA-r8jg-664j-5xqf",
  "modified": "2023-02-14T18:30:20Z",
  "published": "2023-02-06T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20616"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R98R-J25Q-RMPR

Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-08-25 00:12
VLAI
Summary
Rust Failure Crate Vulnerable to Type confusion
Details

Safe Rust code can implement malfunctioning __private_get_type_id__ and cause type confusion when downcasting, which is an undefined behavior.

Users who derive Fail trait are not affected.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "failure"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.1.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-25010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:19:54Z",
    "nvd_published_at": "2020-12-31T10:15:14Z",
    "severity": "CRITICAL"
  },
  "details": "Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is an undefined behavior.\n\nUsers who derive Fail trait are not affected.",
  "id": "GHSA-r98r-j25q-rmpr",
  "modified": "2023-08-25T00:12:20Z",
  "published": "2021-08-25T20:46:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25010"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-lang-nursery/failure/issues/336"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-lang-nursery/failure"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0036.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rust Failure Crate Vulnerable to Type confusion"
}

GHSA-R9P3-6CR4-6979

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59
VLAI
Details

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-17T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-r9p3-6cr4-6979",
  "modified": "2022-05-24T16:59:19Z",
  "published": "2022-05-24T16:59:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8161"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R9W7-JRPX-HMQG

Vulnerability from github – Published: 2025-04-04 03:30 – Updated: 2025-04-04 03:30
VLAI
Details

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-25000"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-04T01:15:38Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-r9w7-jrpx-hmqg",
  "modified": "2025-04-04T03:30:19Z",
  "published": "2025-04-04T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25000"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC69-9Q59-4F5F

Vulnerability from github – Published: 2025-07-23 00:30 – Updated: 2025-07-23 15:31
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-8010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-22T22:15:38Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-rc69-9q59-4f5f",
  "modified": "2025-07-23T15:31:13Z",
  "published": "2025-07-23T00:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8010"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/430344952"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC7V-998G-3CP5

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44
VLAI
Details

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-23T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.",
  "id": "GHSA-rc7v-998g-3cp5",
  "modified": "2022-05-13T01:44:01Z",
  "published": "2022-05-13T01:44:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15860"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-02-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RCR4-6FGM-FJC6

Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2022-03-25 00:01
VLAI
Details

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46463"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-14T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().",
  "id": "GHSA-rcr4-6fgm-fjc6",
  "modified": "2022-03-25T00:01:06Z",
  "published": "2022-02-15T00:02:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46463"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nginx/njs/issues/447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220303-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF7M-M6CH-RQM3

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-rf7m-m6ch-rqm3",
  "modified": "2022-05-24T17:18:16Z",
  "published": "2022-05-24T17:18:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6464"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1071059"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202005-13"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4714"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF85-M599-59PJ

Vulnerability from github – Published: 2026-02-04 06:31 – Updated: 2026-02-04 06:31
VLAI
Details

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-29867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T05:16:06Z",
    "severity": "HIGH"
  },
  "details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.",
  "id": "GHSA-rf85-m599-59pj",
  "modified": "2026-02-04T06:31:20Z",
  "published": "2026-02-04T06:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29867"
    },
    {
      "type": "WEB",
      "url": "https://www.boho.or.kr/kr/bbs/view.do?searchCnd=\u0026bbsId=B0000302\u0026searchWrd=\u0026menuNo=205023\u0026pageIndex=1\u0026categoryCode=\u0026nttId=71959"
    },
    {
      "type": "WEB",
      "url": "https://www.hancom.com/support/downloadCenter/download"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.