Common Weakness Enumeration

CWE-704

Allowed-with-Review

Incorrect Type Conversion or Cast

Abstraction: Class · Status: Incomplete

The product does not correctly convert an object, resource, or structure from one type to a different type.

334 vulnerabilities reference this CWE, most recent first.

GHSA-G862-F67G-FVX4

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1799"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-05-16T17:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.",
  "id": "GHSA-g862-f67g-fvx4",
  "modified": "2022-05-13T01:26:17Z",
  "published": "2022-05-13T01:26:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1799"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14029"
    },
    {
      "type": "WEB",
      "url": "http://code.google.com/p/chromium/issues/detail?id=64046"
    },
    {
      "type": "WEB",
      "url": "http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2245"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GCJ3-C79F-CWJW

Vulnerability from github – Published: 2022-05-14 00:53 – Updated: 2022-05-14 00:53
VLAI
Details

Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-12812"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
  "id": "GHSA-gcj3-c79f-cwjw",
  "modified": "2022-05-14T00:53:19Z",
  "published": "2022-05-14T00:53:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12812"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCW4-6M66-W6FV

Vulnerability from github – Published: 2024-06-03 12:30 – Updated: 2024-06-03 12:30
VLAI
Details

transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21478"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-03T10:15:11Z",
    "severity": "MODERATE"
  },
  "details": "transient DOS when setting up a fence callback to free a KGSL memory entry object during DMA.",
  "id": "GHSA-gcw4-6m66-w6fv",
  "modified": "2024-06-03T12:30:38Z",
  "published": "2024-06-03T12:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21478"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF2C-MWWH-X43R

Vulnerability from github – Published: 2022-05-14 01:01 – Updated: 2022-05-14 01:01
VLAI
Details

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7860"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-08T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
  "id": "GHSA-gf2c-mwwh-x43r",
  "modified": "2022-05-14T01:01:45Z",
  "published": "2022-05-14T01:01:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7860"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-37.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-18"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2676.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94151"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037240"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-601"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GFVF-9R5V-2JP2

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-50337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:17:33Z",
    "severity": "HIGH"
  },
  "details": "Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-gfvf-9r5v-2jp2",
  "modified": "2026-07-14T18:32:16Z",
  "published": "2026-07-14T18:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50337"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50337"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ7V-V27C-RX72

Vulnerability from github – Published: 2022-01-14 00:02 – Updated: 2023-04-19 18:30
VLAI
Details

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30300"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-13T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
  "id": "GHSA-gq7v-v27c-rx72",
  "modified": "2023-04-19T18:30:53Z",
  "published": "2022-01-14T00:02:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30300"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQMH-GH38-RG3X

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-17T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the absPageSpan method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5372.",
  "id": "GHSA-gqmh-gh38-rg3x",
  "modified": "2022-05-13T01:31:40Z",
  "published": "2022-05-13T01:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9938"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-322"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQVR-Q8FG-26RW

Vulnerability from github – Published: 2022-05-14 01:07 – Updated: 2022-05-14 01:07
VLAI
Details

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19476"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-23T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.",
  "id": "GHSA-gqvr-q8fg-26rw",
  "modified": "2022-05-14T01:07:01Z",
  "published": "2022-05-14T01:07:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19476"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2019:0327"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:0229"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700169"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "https://semmle.com/news/semmle-discovers-severe-vulnerability-ghostscript-postscript-pdf"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3831-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4346"
    },
    {
      "type": "WEB",
      "url": "https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git;h=434753adbe8be5534bfb9b7d91746023e8073d16"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106154"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX3X-VQ4P-MHHV

Vulnerability from github – Published: 2026-02-02 22:11 – Updated: 2026-02-27 21:41
VLAI
Summary
cert-manager-controller DoS via Specially Crafted DNS Response
Details

Impact

The cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS.

An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager's DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller.

The issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor.

Patches

The vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing.

cert-manager versions prior to v1.18.0 are unaffected.

Workarounds

  • Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified.
    • Note that DNS-over-HTTPS does not prevent the risk of an attacker-controlled authoritative DNS server.

Resources

  • Fix for cert-manager 1.18: https://github.com/cert-manager/cert-manager/pull/8467
  • Fix for cert-manager 1.19: https://github.com/cert-manager/cert-manager/pull/8468
  • Fix for master branch: https://github.com/cert-manager/cert-manager/pull/8469

Credits

Huge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch!

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cert-manager/cert-manager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.18.0"
            },
            {
              "fixed": "1.18.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cert-manager/cert-manager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.19.0"
            },
            {
              "fixed": "1.19.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-25518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-129",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-02T22:11:06Z",
    "nvd_published_at": "2026-02-04T22:15:58Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe cert-manager-controller performs DNS lookups during ACME DNS-01 processing (for zone discovery and propagation self-checks). By default, these lookups use standard unencrypted DNS.\n\nAn attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a crafted entry into cert-manager\u0027s DNS cache. Accessing this entry will trigger a panic, resulting in Denial of Service (DoS) of the cert-manager controller.\n\nThe issue can also be exploited if the authoritative DNS server for the domain being validated is controlled by a malicious actor.\n\n### Patches\n\nThe vulnerability was introduced in cert-manager v1.18.0 and has been patched in cert-manager v1.19.3 and v1.18.5, which are the supported minor releases at the time of publishing.\n\ncert-manager versions prior to v1.18.0 are unaffected.\n\n### Workarounds\n\n- Using DNS-over-HTTPS reduces the risk of DNS traffic being intercepted and modified.\n    - Note that DNS-over-HTTPS does *not* prevent the risk of an attacker-controlled authoritative DNS server.\n\n### Resources\n\n- Fix for cert-manager 1.18: https://github.com/cert-manager/cert-manager/pull/8467\n- Fix for cert-manager 1.19: https://github.com/cert-manager/cert-manager/pull/8468\n- Fix for master branch: https://github.com/cert-manager/cert-manager/pull/8469\n\n### Credits\n\nHuge thanks to Oleh Konko (@1seal) for reporting the issue, providing a detailed PoC and an initial patch!",
  "id": "GHSA-gx3x-vq4p-mhhv",
  "modified": "2026-02-27T21:41:50Z",
  "published": "2026-02-02T22:11:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25518"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/pull/8467"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/pull/8468"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/pull/8469"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc28980e2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cert-manager/cert-manager"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2026-4399"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "cert-manager-controller DoS via Specially Crafted DNS Response"
}

GHSA-GX73-2498-R55C

Vulnerability from github – Published: 2021-08-25 20:46 – Updated: 2023-06-13 17:17
VLAI
Summary
Unsound casting in flatbuffers
Details

The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool.

In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "flatbuffers"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.0"
            },
            {
              "fixed": "0.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-25004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:19:36Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool.\n\nIn Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code.",
  "id": "GHSA-gx73-2498-r55c",
  "modified": "2023-06-13T17:17:49Z",
  "published": "2021-08-25T20:46:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25004"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/flatbuffers/issues/5530"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/google/flatbuffers"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unsound casting in flatbuffers"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.