Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-5RRM-2FM5-G6W3

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-20T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the insert method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5016.",
  "id": "GHSA-5rrm-2fm5-g6w3",
  "modified": "2022-05-13T01:37:37Z",
  "published": "2022-05-13T01:37:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14824"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-17-868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5VHC-23F9-JFHM

Vulnerability from github – Published: 2024-10-18 00:31 – Updated: 2024-10-18 00:31
VLAI
Details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-17T23:15:16Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
  "id": "GHSA-5vhc-23f9-jfhm",
  "modified": "2024-10-18T00:31:17Z",
  "published": "2024-10-18T00:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43596"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43596"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5X77-X3QM-5V2F

Vulnerability from github – Published: 2024-01-09 18:30 – Updated: 2024-01-09 18:30
VLAI
Details

Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20662"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-09T18:15:49Z",
    "severity": "MODERATE"
  },
  "details": "Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability",
  "id": "GHSA-5x77-x3qm-5v2f",
  "modified": "2024-01-09T18:30:28Z",
  "published": "2024-01-09T18:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20662"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20662"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5XH2-23CC-5JC6

Vulnerability from github – Published: 2025-01-09 18:51 – Updated: 2025-01-09 22:04
VLAI
Summary
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
Details

Vulnerability Summary A type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface.

Affected Components - Strawberry GraphQL relay integration - Specifically impacts implementations using: - Django integration - SQLAlchemy integration - Pydantic integration

Technical Details

The vulnerability manifests when: 1. Multiple GraphQL types inherit from relay.Node 2. These types are mapped to the same database model 3. The global node field is used for type resolution

Example of vulnerable code:

from fruits.models import Fruit
import strawberry_django
import strawberry

@strawberry_django.type(Fruit)
class FruitType(relay.Node):
    name: strawberry.auto

@strawberry_django.type(Fruit)
class SpecialFruitType(relay.Node):
    secret_name: strawberry.auto

@strawberry.type
class Query:
    node: relay.Node = strawberry_django.node()

Security Impact

When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to:

  1. Information disclosure if the alternate type exposes sensitive fields
  2. Potential privilege escalation if the alternate type contains data intended for restricted access

Note Even with knowledge of the correct type name (e.g., SpecialFruitType), attackers may still be able to access unauthorized data through direct type queries.

We recommend to use permission on fields instead of creating a dedicate type.

Recommendations 1. Avoid mapping multiple relay Node types to the same model 2. Implement strict access controls at the field resolution level (using permissions) 3. Consider using separate models for different access levels of the same data 4. Update to strawberry-graphql>=0.257.0 5. If using strawberry-graphql-django, update to strawberry-graphql-django>=0.54.0

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "strawberry-graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.182.0"
            },
            {
              "fixed": "0.257.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-22151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-351",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-09T18:51:51Z",
    "nvd_published_at": "2025-01-09T19:15:20Z",
    "severity": "LOW"
  },
  "details": "**Vulnerability Summary**\nA type confusion vulnerability exists in Strawberry GraphQL\u0027s relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay `node` interface.\n\n**Affected Components**\n- Strawberry GraphQL relay integration\n- Specifically impacts implementations using:\n  - Django integration\n  - SQLAlchemy integration\n  - Pydantic integration\n\n**Technical Details**\n\nThe vulnerability manifests when:\n1. Multiple GraphQL types inherit from `relay.Node`\n2. These types are mapped to the same database model\n3. The global `node` field is used for type resolution\n\nExample of vulnerable code:\n\n```python\nfrom fruits.models import Fruit\nimport strawberry_django\nimport strawberry\n\n@strawberry_django.type(Fruit)\nclass FruitType(relay.Node):\n    name: strawberry.auto\n\n@strawberry_django.type(Fruit)\nclass SpecialFruitType(relay.Node):\n    secret_name: strawberry.auto\n\n@strawberry.type\nclass Query:\n    node: relay.Node = strawberry_django.node()\n```\n\n**Security Impact**\n\nWhen querying for a specific type using the global `node` field (e.g., `FruitType:some-id`), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., `SpecialFruitType`). This can lead to:\n\n1. Information disclosure if the alternate type exposes sensitive fields\n2. Potential privilege escalation if the alternate type contains data intended for restricted access\n\n**Note**\nEven with knowledge of the correct type name (e.g., `SpecialFruitType`), attackers may still be able to access unauthorized data through direct type queries.\n\nWe recommend to use permission on fields instead of creating a dedicate type.\n\n**Recommendations**\n1. Avoid mapping multiple relay Node types to the same model\n2. Implement strict access controls at the field resolution level (using permissions)\n3. Consider using separate models for different access levels of the same data\n4. Update to `strawberry-graphql\u003e=0.257.0`\n5. If using `strawberry-graphql-django`, update to `strawberry-graphql-django\u003e=0.54.0`",
  "id": "GHSA-5xh2-23cc-5jc6",
  "modified": "2025-01-09T22:04:49Z",
  "published": "2025-01-09T18:51:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/strawberry-graphql/strawberry/security/advisories/GHSA-5xh2-23cc-5jc6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22151"
    },
    {
      "type": "WEB",
      "url": "https://github.com/strawberry-graphql/strawberry/commit/526eb82b70451c0e59d5a71ae9b7396f59974bd8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/strawberry-graphql/strawberry"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution"
}

GHSA-6348-QPVC-CW5W

Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2023-12-29 06:30
VLAI
Details

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-29T04:15:10Z",
    "severity": "MODERATE"
  },
  "details": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service.",
  "id": "GHSA-6348-qpvc-cw5w",
  "modified": "2023-12-29T06:30:30Z",
  "published": "2023-12-29T06:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6939"
    },
    {
      "type": "WEB",
      "url": "https://www.hihonor.com/global/security/cve-2023-6939"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63WG-WJJJ-7CP8

Vulnerability from github – Published: 2026-07-02 20:26 – Updated: 2026-07-02 20:26
VLAI
Summary
Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update
Details

Am I affected

You are affected if:

  1. You run zebrad up to and including v4.4.1.
  2. Your node listens on the default [::] address on a Linux host (the standard deployment configuration — net.ipv6.bindv6only=0 is the default on all common Linux distributions).
  3. Your node is synced near the chain tip (the expected production state for any node participating in the network).

Summary

An address normalization mismatch between the handshake path and the mempool misbehavior path causes a deterministic assertion panic when a peer connects via IPv4 to a dual-stack IPv6 listener and then triggers a mempool misbehavior penalty.

The handshake path canonicalizes IPv4-mapped IPv6 addresses to plain IPv4 when storing the peer in the address book via MetaAddr::new_connected. The mempool misbehavior path forwards the raw transient socket address (IPv4-mapped IPv6 form) when sending MetaAddrChange::UpdateMisbehavior to the address book. The address book looks up the canonical IPv4 entry but then asserts that the previous entry's address matches the change's address. The mismatch between the canonical IPv4 address and the raw IPv4-mapped IPv6 address triggers the assertion, and panic = "abort" terminates the process.

Details

On Linux with net.ipv6.bindv6only=0, an IPv4 connection accepted by a [::] listener is represented internally as an IPv4-mapped IPv6 socket address (e.g., ::ffff:127.0.0.1:8233). Zebra's canonical_peer_addr helper converts these to plain IPv4 (e.g., 127.0.0.1:8233).

The handshake path uses MetaAddr::new_connected, which canonicalizes the address before storing in the address book. However, inbound inventory registration uses connected_addr.get_transient_addr(), preserving the raw IPv4-mapped form. When the mempool later downloads an invalid transaction from this peer and generates a misbehavior penalty, the raw transient address is forwarded through the misbehavior channel to MetaAddrChange::UpdateMisbehavior, which does not canonicalize.

After the 30-second misbehavior batch flush, AddressBook::update retrieves the canonical IPv4 entry but MetaAddrChange::apply_to_meta_addr asserts that previous.addr == self.addr(), which fails because one is IPv4 and the other is IPv4-mapped IPv6.

The attacker needs only to complete a P2P handshake over IPv4 to a dual-stack listener and advertise an invalid mempool transaction (such as a coinbase transaction). The assertion fires after the 30-second misbehavior batch flush.

Patches

Patched in Zebra 4.5.0. The fix canonicalizes the address in the misbehavior update path via a new MetaAddr::new_misbehavior constructor that applies canonical_peer_addr before creating the UpdateMisbehavior change.

Workarounds

Configuring listen_addr to an IPv4-only address (e.g., 0.0.0.0:8233) avoids the IPv4-mapped IPv6 representation and prevents this specific assertion. Alternatively, setting net.ipv6.bindv6only=1 on Linux prevents dual-stack acceptance.

Impact

A remote unauthenticated peer can deterministically crash any synced Zebra node running the default Linux dual-stack configuration with a single invalid mempool transaction advertisement, followed by a 30-second wait. The attack requires no mining capability, no RPC access, no funds, and no special privileges. The crash can be repeated after each restart, causing persistent downtime. Linux dual-stack sockets and mempool activation are the default production state, not special preconditions.

Credit

Reported by @Haxatron.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 6.0.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "zebra-network"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.4.1"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "zebrad"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-52829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-02T20:26:56Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Am I affected\n\nYou are affected if:\n\n1. You run `zebrad` up to and including `v4.4.1`.\n2. Your node listens on the default `[::]` address on a Linux host (the standard deployment configuration \u2014 `net.ipv6.bindv6only=0` is the default on all common Linux distributions).\n3. Your node is synced near the chain tip (the expected production state for any node participating in the network).\n\n### Summary\n\nAn address normalization mismatch between the handshake path and the mempool misbehavior path causes a deterministic assertion panic when a peer connects via IPv4 to a dual-stack IPv6 listener and then triggers a mempool misbehavior penalty.\n\nThe handshake path canonicalizes IPv4-mapped IPv6 addresses to plain IPv4 when storing the peer in the address book via `MetaAddr::new_connected`. The mempool misbehavior path forwards the raw transient socket address (IPv4-mapped IPv6 form) when sending `MetaAddrChange::UpdateMisbehavior` to the address book. The address book looks up the canonical IPv4 entry but then asserts that the previous entry\u0027s address matches the change\u0027s address. The mismatch between the canonical IPv4 address and the raw IPv4-mapped IPv6 address triggers the assertion, and `panic = \"abort\"` terminates the process.\n\n### Details\n\nOn Linux with `net.ipv6.bindv6only=0`, an IPv4 connection accepted by a `[::]` listener is represented internally as an IPv4-mapped IPv6 socket address (e.g., `::ffff:127.0.0.1:8233`). Zebra\u0027s `canonical_peer_addr` helper converts these to plain IPv4 (e.g., `127.0.0.1:8233`).\n\nThe handshake path uses `MetaAddr::new_connected`, which canonicalizes the address before storing in the address book. However, inbound inventory registration uses `connected_addr.get_transient_addr()`, preserving the raw IPv4-mapped form. When the mempool later downloads an invalid transaction from this peer and generates a misbehavior penalty, the raw transient address is forwarded through the misbehavior channel to `MetaAddrChange::UpdateMisbehavior`, which does not canonicalize.\n\nAfter the 30-second misbehavior batch flush, `AddressBook::update` retrieves the canonical IPv4 entry but `MetaAddrChange::apply_to_meta_addr` asserts that `previous.addr == self.addr()`, which fails because one is IPv4 and the other is IPv4-mapped IPv6.\n\nThe attacker needs only to complete a P2P handshake over IPv4 to a dual-stack listener and advertise an invalid mempool transaction (such as a coinbase transaction). The assertion fires after the 30-second misbehavior batch flush.\n\n### Patches\n\nPatched in Zebra 4.5.0. The fix canonicalizes the address in the misbehavior update path via a new `MetaAddr::new_misbehavior` constructor that applies `canonical_peer_addr` before creating the `UpdateMisbehavior` change.\n\n### Workarounds\n\nConfiguring `listen_addr` to an IPv4-only address (e.g., `0.0.0.0:8233`) avoids the IPv4-mapped IPv6 representation and prevents this specific assertion. Alternatively, setting `net.ipv6.bindv6only=1` on Linux prevents dual-stack acceptance.\n\n### Impact\n\nA remote unauthenticated peer can deterministically crash any synced Zebra node running the default Linux dual-stack configuration with a single invalid mempool transaction advertisement, followed by a 30-second wait. The attack requires no mining capability, no RPC access, no funds, and no special privileges. The crash can be repeated after each restart, causing persistent downtime. Linux dual-stack sockets and mempool activation are the default production state, not special preconditions.\n\n### Credit\n\nReported by `@Haxatron`.",
  "id": "GHSA-63wg-wjjj-7cp8",
  "modified": "2026-07-02T20:26:56Z",
  "published": "2026-07-02T20:26:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ZcashFoundation/zebra/security/advisories/GHSA-63wg-wjjj-7cp8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ZcashFoundation/zebra"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update"
}

GHSA-6433-X5P4-8JC7

Vulnerability from github – Published: 2024-05-02 21:30 – Updated: 2024-11-25 19:27
VLAI
Summary
libxmljs vulnerable to type confusion when parsing specially crafted XML
Details

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "libxmljs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.0.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-03T20:24:29Z",
    "nvd_published_at": "2024-05-02T19:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of `attrs()` that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).",
  "id": "GHSA-6433-x5p4-8jc7",
  "modified": "2024-11-25T19:27:36Z",
  "published": "2024-05-02T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34391"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libxmljs/libxmljs/issues/645"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/libxmljs/libxmljs"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/libxmljs-attrs-type-confusion-rce-jfsa-2024-001033988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "libxmljs vulnerable to type confusion when parsing specially crafted XML"
}

GHSA-656V-JX98-63W5

Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-04-05 15:30
VLAI
Details

A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1075"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-27T21:15:00Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec-\u003etx_ready.",
  "id": "GHSA-656v-jx98-63w5",
  "modified": "2023-04-05T15:30:24Z",
  "published": "2023-03-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1075"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-662C-VG67-M327

Vulnerability from github – Published: 2023-07-13 03:30 – Updated: 2024-04-04 06:06
VLAI
Details

coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion." This occurs when the web application relies on only the last Content-Type header.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-13T03:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka \"Content-Type confusion.\" This occurs when the web application relies on only the last Content-Type header.",
  "id": "GHSA-662c-vg67-m327",
  "modified": "2024-04-04T06:06:24Z",
  "published": "2023-07-13T03:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38199"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coreruleset/coreruleset/issues/3191"
    },
    {
      "type": "WEB",
      "url": "https://github.com/coreruleset/coreruleset/pull/3237"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-672H-59XC-V8H6

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:28Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.",
  "id": "GHSA-672h-59xc-v8h6",
  "modified": "2026-06-09T18:30:51Z",
  "published": "2026-06-09T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45600"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45600"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.