CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-XMRF-JR44-FRCM
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7970"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T18:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-xmrf-jr44-frcm",
"modified": "2022-05-24T16:54:49Z",
"published": "2022-05-24T16:54:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7970"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XMWW-383X-H57W
Vulnerability from github – Published: 2025-04-29 03:30 – Updated: 2025-04-29 18:30A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.
{
"affected": [],
"aliases": [
"CVE-2025-30445"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-29T03:15:34Z",
"severity": "MODERATE"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination.",
"id": "GHSA-xmww-383x-h57w",
"modified": "2025-04-29T18:30:57Z",
"published": "2025-04-29T03:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30445"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122371"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122372"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122373"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122374"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122375"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122377"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122378"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XP3P-HPX6-M9Q4
Vulnerability from github – Published: 2025-02-13 21:31 – Updated: 2025-02-13 21:31: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from ..P001 through ..P233, from ..P001 through ..P759, from ..P001 through ..P836.
{
"affected": [],
"aliases": [
"CVE-2024-11346"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-13T19:15:13Z",
"severity": "HIGH"
},
"details": ": Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Resource Injection.This issue affects CX, XC, CS, et. Al.: from 001.001:0 through 081.231, from *.*.P001 through *.*.P233, from *.*.P001 through *.*.P759, from *.*.P001 through *.*.P836.",
"id": "GHSA-xp3p-hpx6-m9q4",
"modified": "2025-02-13T21:31:43Z",
"published": "2025-02-13T21:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11346"
},
{
"type": "WEB",
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XPG5-JV85-754H
Vulnerability from github – Published: 2022-05-17 00:22 – Updated: 2025-10-22 00:31Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.
{
"affected": [],
"aliases": [
"CVE-2017-0037"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-26T23:59:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.",
"id": "GHSA-xpg5-jv85-754h",
"modified": "2025-10-22T00:31:18Z",
"published": "2022-05-17T00:22:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://0patch.blogspot.si/2017/03/0patching-another-0-day-internet.html"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1011"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0037"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/41454"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42354"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/43125"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96088"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037905"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XPG9-VVH4-VQJV
Vulnerability from github – Published: 2023-07-19 15:30 – Updated: 2024-04-04 06:16A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-32664"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-19T14:15:10Z",
"severity": "HIGH"
},
"details": "A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.",
"id": "GHSA-xpg9-vvh4-vqjv",
"modified": "2024-04-04T06:16:56Z",
"published": "2023-07-19T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32664"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1795"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XPW3-5R62-6XWP
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-54104"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:55Z",
"severity": "MODERATE"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-xpw3-5r62-6xwp",
"modified": "2025-09-09T18:31:20Z",
"published": "2025-09-09T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54104"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54104"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQ32-4FHV-G5H5
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2023-12-29 03:30Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466.
{
"affected": [],
"aliases": [
"CVE-2021-28468"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-13T20:15:00Z",
"severity": "HIGH"
},
"details": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466.",
"id": "GHSA-xq32-4fhv-g5h5",
"modified": "2023-12-29T03:30:26Z",
"published": "2022-05-24T17:47:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28468"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28468"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XQFQ-FX8X-W875
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Access of resource using incompatible type ('type confusion') in Windows Kernel allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-50390"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:40Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Kernel allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-xqfq-fx8x-w875",
"modified": "2026-07-14T18:32:19Z",
"published": "2026-07-14T18:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50390"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50390"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV5H-J798-X927
Vulnerability from github – Published: 2023-02-07 21:30 – Updated: 2023-02-16 15:30Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2023-0703"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-07T21:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)",
"id": "GHSA-xv5h-j798-x927",
"modified": "2023-02-16T15:30:27Z",
"published": "2023-02-07T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0703"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1405574"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XV6W-GXJ8-V943
Vulnerability from github – Published: 2026-03-30 21:31 – Updated: 2026-06-30 03:36A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct.
When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push() to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by error event listeners, meaning it cannot be handled without wrapping every req.headersDistinct access in a try/catch.
- This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x
{
"affected": [],
"aliases": [
"CVE-2026-21710"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T20:16:18Z",
"severity": "HIGH"
},
"details": "A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`.\n\nWhen this occurs, `dest[\"__proto__\"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.\n\n* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**",
"id": "GHSA-xv6w-gxj8-v943",
"modified": "2026-06-30T03:36:04Z",
"published": "2026-03-30T21:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21710"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-21710.json"
},
{
"type": "WEB",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-21710"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9874"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:9711"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7983"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7896"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7675"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7670"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7310"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7302"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7123"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7080"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.