CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-R826-PH6F-65W5
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6430"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-13T18:15:00Z",
"severity": "MODERATE"
},
"details": "Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-r826-ph6f-65w5",
"modified": "2022-05-24T17:14:04Z",
"published": "2022-05-24T17:14:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6430"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1031479"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XWIVVYIQU67QR2LHNGGZBS4FZOW2RQO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFVP775RPRDVY5FUCN7ABH5AE74TQFDD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMXPDHEEACPD3BCMTC26SCCYB2ZMUOAO"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4714"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R8JG-664J-5XQF
Vulnerability from github – Published: 2023-02-06 21:30 – Updated: 2023-02-14 18:30In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.
{
"affected": [],
"aliases": [
"CVE-2023-20616"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T20:15:00Z",
"severity": "MODERATE"
},
"details": "In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.",
"id": "GHSA-r8jg-664j-5xqf",
"modified": "2023-02-14T18:30:20Z",
"published": "2023-02-06T21:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20616"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R98R-J25Q-RMPR
Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-08-25 00:12Safe Rust code can implement malfunctioning __private_get_type_id__ and cause type confusion when downcasting, which is an undefined behavior.
Users who derive Fail trait are not affected.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "failure"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.1.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25010"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:19:54Z",
"nvd_published_at": "2020-12-31T10:15:14Z",
"severity": "CRITICAL"
},
"details": "Safe Rust code can implement malfunctioning `__private_get_type_id__` and cause type confusion when downcasting, which is an undefined behavior.\n\nUsers who derive Fail trait are not affected.",
"id": "GHSA-r98r-j25q-rmpr",
"modified": "2023-08-25T00:12:20Z",
"published": "2021-08-25T20:46:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25010"
},
{
"type": "WEB",
"url": "https://github.com/rust-lang-nursery/failure/issues/336"
},
{
"type": "PACKAGE",
"url": "https://github.com/rust-lang-nursery/failure"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Rust Failure Crate Vulnerable to Type confusion"
}
GHSA-R9P3-6CR4-6979
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8161"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-r9p3-6cr4-6979",
"modified": "2022-05-24T16:59:19Z",
"published": "2022-05-24T16:59:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8161"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R9W7-JRPX-HMQG
Vulnerability from github – Published: 2025-04-04 03:30 – Updated: 2025-04-04 03:30Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-25000"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-04T01:15:38Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-r9w7-jrpx-hmqg",
"modified": "2025-04-04T03:30:19Z",
"published": "2025-04-04T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25000"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25000"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC69-9Q59-4F5F
Vulnerability from github – Published: 2025-07-23 00:30 – Updated: 2025-07-23 15:31Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-8010"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-22T22:15:38Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-rc69-9q59-4f5f",
"modified": "2025-07-23T15:31:13Z",
"published": "2025-07-23T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8010"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_22.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/430344952"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RC7V-998G-3CP5
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
{
"affected": [],
"aliases": [
"CVE-2017-15860"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T23:29:00Z",
"severity": "HIGH"
},
"details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.",
"id": "GHSA-rc7v-998g-3cp5",
"modified": "2022-05-13T01:44:01Z",
"published": "2022-05-13T01:44:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15860"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-02-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RCR4-6FGM-FJC6
Vulnerability from github – Published: 2022-02-15 00:02 – Updated: 2022-03-25 00:01njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
{
"affected": [],
"aliases": [
"CVE-2021-46463"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-14T22:15:00Z",
"severity": "CRITICAL"
},
"details": "njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().",
"id": "GHSA-rcr4-6fgm-fjc6",
"modified": "2022-03-25T00:01:06Z",
"published": "2022-02-15T00:02:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46463"
},
{
"type": "WEB",
"url": "https://github.com/nginx/njs/issues/447"
},
{
"type": "WEB",
"url": "https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220303-0007"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF7M-M6CH-RQM3
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6464"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-21T04:15:00Z",
"severity": "MODERATE"
},
"details": "Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-rf7m-m6ch-rqm3",
"modified": "2022-05-24T17:18:16Z",
"published": "2022-05-24T17:18:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6464"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1071059"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-13"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4714"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00056.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF85-M599-59PJ
Vulnerability from github – Published: 2026-02-04 06:31 – Updated: 2026-02-04 06:31Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.
{
"affected": [],
"aliases": [
"CVE-2025-29867"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T05:16:06Z",
"severity": "HIGH"
},
"details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.3050.",
"id": "GHSA-rf85-m599-59pj",
"modified": "2026-02-04T06:31:20Z",
"published": "2026-02-04T06:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29867"
},
{
"type": "WEB",
"url": "https://www.boho.or.kr/kr/bbs/view.do?searchCnd=\u0026bbsId=B0000302\u0026searchWrd=\u0026menuNo=205023\u0026pageIndex=1\u0026categoryCode=\u0026nttId=71959"
},
{
"type": "WEB",
"url": "https://www.hancom.com/support/downloadCenter/download"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.