Common Weakness Enumeration

CWE-704

Allowed-with-Review

Incorrect Type Conversion or Cast

Abstraction: Class · Status: Incomplete

The product does not correctly convert an object, resource, or structure from one type to a different type.

334 vulnerabilities reference this CWE, most recent first.

GHSA-9645-H66P-JM39

Vulnerability from github – Published: 2022-05-17 02:25 – Updated: 2022-05-17 02:25
VLAI
Details

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreMedia External Displays" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-20T08:59:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"CoreMedia External Displays\" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors.",
  "id": "GHSA-9645-h66p-jm39",
  "modified": "2022-05-17T02:25:04Z",
  "published": "2022-05-17T02:25:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7655"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207422"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207423"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94906"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037469"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-96QQ-MJ7C-755M

Vulnerability from github – Published: 2022-04-02 00:00 – Updated: 2022-04-10 00:01
VLAI
Details

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35105"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-96qq-mj7c-755m",
  "modified": "2022-04-10T00:01:11Z",
  "published": "2022-04-02T00:00:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35105"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-97W6-7X99-5QMQ

Vulnerability from github – Published: 2022-05-14 04:01 – Updated: 2022-05-14 04:01
VLAI
Details

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-27T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.",
  "id": "GHSA-97w6-7x99-5qmq",
  "modified": "2022-05-14T04:01:31Z",
  "published": "2022-05-14T04:01:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5115"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:2676"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/744584"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-15"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3985"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100610"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-999V-2MW3-6JXP

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getPageRotation method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6023.",
  "id": "GHSA-999v-2mw3-6jxp",
  "modified": "2022-05-13T01:34:39Z",
  "published": "2022-05-13T01:34:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14260"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-720"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99GR-HQGX-R784

Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:38
VLAI
Details

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21651"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T10:15:13Z",
    "severity": "HIGH"
  },
  "details": "Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.",
  "id": "GHSA-99gr-hqgx-r784",
  "modified": "2024-04-04T06:38:20Z",
  "published": "2023-08-08T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21651"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FVW-RXR2-XXW3

Vulnerability from github – Published: 2022-05-14 02:12 – Updated: 2025-04-12 13:03
VLAI
Details

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-5161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-09-11T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages \"type confusion\" in the StylePropertySerializer class.",
  "id": "GHSA-9fvw-rxr2-xxw3",
  "modified": "2025-04-12T13:03:55Z",
  "published": "2022-05-14T02:12:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5161"
    },
    {
      "type": "WEB",
      "url": "https://codereview.chromium.org/2103043004"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/622420"
    },
    {
      "type": "WEB",
      "url": "https://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201610-09"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00073.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-1854.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3660"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92717"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036729"
    },
    {
      "type": "WEB",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-501"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9H36-4JF2-HX53

Vulnerability from github – Published: 2017-10-24 18:33 – Updated: 2023-01-23 20:56
VLAI
Summary
extlib does not properly restrict casts of string values
Details

The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "extlib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-1802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:28:42Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.",
  "id": "GHSA-9h36-4jf2-hx53",
  "modified": "2023-01-23T20:56:41Z",
  "published": "2017-10-24T18:33:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1802"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917233"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/datamapper/extlib"
    },
    {
      "type": "WEB",
      "url": "https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/extlib/CVE-2013-1802.yml"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20130203232028/https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "extlib does not properly restrict casts of string values"
}

GHSA-9JXQ-5X44-GX23

Vulnerability from github – Published: 2025-02-14 18:03 – Updated: 2025-03-15 20:47
VLAI
Summary
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Details

Impact

The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions >= 7.8.0, raising an exception.

This makes the Keylime registrar vulnerable to a Denial-of-Service attack in an update scenario, as an attacker could populate the registrar database by creating multiple valid agent registrations with different UUIDs while the version is still < 7.12.0. Then, when the Keylime registrar is updated to the 7.12.0 version, any query to the database matching any of the entries populated by the attacker will result in failure.

Patches

Users should upgrade to versions >= 7.12.1

Workarounds

  • Remove the registrar database and re-register all agents

Credit

Reported by: Anderson Toshiyuki Sasaki/@ansasaki Patched by: Anderson Toshiyuki Sasaki/@ansasaki

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keylime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.12.0"
            },
            {
              "fixed": "7.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7.12.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-1057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1287",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-02-14T18:03:14Z",
    "nvd_published_at": "2025-03-15T09:15:10Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe Keylime `registrar` implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the `registrar` will not accept the format of the data previously stored in the database by versions  \u003e= 7.8.0, raising an exception.\n\nThis makes the Keylime `registrar` vulnerable to a Denial-of-Service attack in an update scenario, as an attacker could populate the `registrar` database by creating multiple valid agent registrations with different UUIDs while the version is still \u003c 7.12.0. Then, when the Keylime `registrar` is updated to the 7.12.0 version, any query to the database matching any of the entries populated by the attacker will result in failure.\n\n### Patches\nUsers should upgrade to versions \u003e= 7.12.1\n\n### Workarounds\n- Remove the registrar database and re-register all agents\n\n### Credit\n\nReported by: Anderson Toshiyuki Sasaki/@ansasaki\nPatched by: Anderson Toshiyuki Sasaki/@ansasaki",
  "id": "GHSA-9jxq-5x44-gx23",
  "modified": "2025-03-15T20:47:38Z",
  "published": "2025-02-14T18:03:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1057"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-1057"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343894"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keylime/keylime"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0"
}

GHSA-9M45-9636-5JR3

Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-10-17 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()"

This reverts commit 7c877586da3178974a8a94577b6045a48377ff25.

Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()"). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let's revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that's better than outright hangs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-57839"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-11T15:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"readahead: properly shorten readahead when falling back to do_page_cache_ra()\"\n\nThis reverts commit 7c877586da3178974a8a94577b6045a48377ff25.\n\nAnders and Philippe have reported that recent kernels occasionally hang\nwhen used with NFS in readahead code.  The problem has been bisected to\n7c877586da3 (\"readahead: properly shorten readahead when falling back to\ndo_page_cache_ra()\").  The cause of the problem is that ra-\u003esize can be\nshrunk by read_pages() call and subsequently we end up calling\ndo_page_cache_ra() with negative (read huge positive) number of pages. \nLet\u0027s revert 7c877586da3 for now until we can find a proper way how the\nlogic in read_pages() and page_cache_ra_order() can coexist.  This can\nlead to reduced readahead throughput due to readahead window confusion but\nthat\u0027s better than outright hangs.",
  "id": "GHSA-9m45-9636-5jr3",
  "modified": "2025-10-17T15:30:55Z",
  "published": "2025-01-11T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57839"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85351e4941a253e4c50fb7048bfc19b60b4ec44b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a220d6b95b1ae12c7626283d7609f0a1438e6437"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9MC5-QVQR-XX6P

Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01
VLAI
Details

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-08T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-9mc5-qvqr-xx6p",
  "modified": "2022-05-14T01:01:45Z",
  "published": "2022-05-14T01:01:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7861"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-18"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94151"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037240"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-600"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.