CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-898F-RRWC-RGMX
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 18:31Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-13776"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:16:52Z",
"severity": "CRITICAL"
},
"details": "Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-898f-rrwc-rgmx",
"modified": "2026-07-01T18:31:26Z",
"published": "2026-07-01T00:34:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13776"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513012139"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89W4-V286-M7R9
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-54094"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:53Z",
"severity": "MODERATE"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-89w4-v286-m7r9",
"modified": "2025-09-09T18:31:20Z",
"published": "2025-09-09T18:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54094"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54094"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CGQ-MF9J-MHPV
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333.
{
"affected": [],
"aliases": [
"CVE-2021-31461"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-07T21:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of app.media objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-13333.",
"id": "GHSA-8cgq-mf9j-mhpv",
"modified": "2022-05-24T19:01:42Z",
"published": "2022-05-24T19:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31461"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-550"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8FFR-Q7J8-H445
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2025-10-22 00:31A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
{
"affected": [],
"aliases": [
"CVE-2019-11707"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-23T14:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR \u003c 60.7.1, Firefox \u003c 67.0.3, and Thunderbird \u003c 60.7.2.",
"id": "GHSA-8ffr-q7j8-h445",
"modified": "2025-10-22T00:31:43Z",
"published": "2022-05-24T16:50:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11707"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1544386"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-12"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11707"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-18"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8FWF-6328-M3PR
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2019-13764"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-12-10T22:15:00Z",
"severity": "MODERATE"
},
"details": "Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-8fwf-6328-m3pr",
"modified": "2022-05-24T17:03:05Z",
"published": "2022-05-24T17:03:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13764"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4238"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1028863"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2020/Jan/27"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4606"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8FWW-GXXH-7H5F
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8250"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-8fww-gxxh-7h5f",
"modified": "2022-05-24T17:22:25Z",
"published": "2022-05-24T17:22:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8250"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8FXW-MFFQ-432C
Vulnerability from github – Published: 2025-07-02 18:30 – Updated: 2025-07-02 18:30Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-49713"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-02T18:15:24Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-8fxw-mffq-432c",
"modified": "2025-07-02T18:30:38Z",
"published": "2025-07-02T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49713"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49713"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8G8J-CRRV-VM86
Vulnerability from github – Published: 2025-11-28 03:30 – Updated: 2025-11-28 03:30Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality.
{
"affected": [],
"aliases": [
"CVE-2025-64314"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-28T03:16:00Z",
"severity": "CRITICAL"
},
"details": "Permission control vulnerability in the memory management module.\nImpact: Successful exploitation of this vulnerability may affect confidentiality.",
"id": "GHSA-8g8j-crrv-vm86",
"modified": "2025-11-28T03:30:27Z",
"published": "2025-11-28T03:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64314"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/cn/support/bulletinlaptops/2025/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8GWJ-8HXC-285W
Vulnerability from github – Published: 2021-11-08 17:43 – Updated: 2021-11-08 17:43This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "json-ptr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23509"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-04T16:56:49Z",
"nvd_published_at": "2021-11-03T18:15:00Z",
"severity": "MODERATE"
},
"details": "This affects the package `json-ptr` before `3.0.0`. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.",
"id": "GHSA-8gwj-8hxc-285w",
"modified": "2021-11-08T17:43:16Z",
"published": "2021-11-08T17:43:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23509"
},
{
"type": "WEB",
"url": "https://github.com/flitbit/json-ptr/pull/42"
},
{
"type": "WEB",
"url": "https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca"
},
{
"type": "PACKAGE",
"url": "https://github.com/flitbit/json-ptr"
},
{
"type": "WEB",
"url": "https://github.com/flitbit/json-ptr%23security-vulnerabilities-resolved"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1577291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Prototype Pollution in json-ptr"
}
GHSA-8H6G-XC7X-FXV4
Vulnerability from github – Published: 2025-03-11 21:30 – Updated: 2025-03-11 21:30Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25236.
{
"affected": [],
"aliases": [
"CVE-2025-2015"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-11T21:15:52Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of VS files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25236.",
"id": "GHSA-8h6g-xc7x-fxv4",
"modified": "2025-03-11T21:30:41Z",
"published": "2025-03-11T21:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2015"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.