Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-8HF9-GGCP-8C36

Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29
VLAI
Details

Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-6537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-09-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
  "id": "GHSA-8hf9-ggcp-8c36",
  "modified": "2022-05-24T17:29:05Z",
  "published": "2022-05-24T17:29:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6537"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1105318"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4824"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-8J4M-CFH3-2VC4

Vulnerability from github – Published: 2023-04-20 00:30 – Updated: 2024-04-04 03:36
VLAI
Details

Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-33970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-19T22:15:10Z",
    "severity": "CRITICAL"
  },
  "details": "Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.",
  "id": "GHSA-8j4m-cfh3-2vc4",
  "modified": "2024-04-04T03:36:24Z",
  "published": "2023-04-20T00:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33970"
    },
    {
      "type": "WEB",
      "url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
    },
    {
      "type": "WEB",
      "url": "https://pastebin.com/Qug7tquW"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M69-P3VJ-FHQC

Vulnerability from github – Published: 2026-05-20 21:31 – Updated: 2026-05-20 21:31
VLAI
Details

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9117"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T20:16:43Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)",
  "id": "GHSA-8m69-p3vj-fhqc",
  "modified": "2026-05-20T21:31:33Z",
  "published": "2026-05-20T21:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9117"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/497542537"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M6Q-HJ66-2CMR

Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2023-02-02 18:31
VLAI
Details

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-4512"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-08T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to \"type confusion.\"",
  "id": "GHSA-8m6q-hj66-2cmr",
  "modified": "2023-02-02T18:31:06Z",
  "published": "2022-04-23T00:40:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4512"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:1416"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2012:1418"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2012-4512"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=865779"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
    },
    {
      "type": "WEB",
      "url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
    },
    {
      "type": "WEB",
      "url": "http://quickgit.kde.org/index.php?p=kdelibs.git\u0026a=commitdiff\u0026h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51097"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/51145"
    },
    {
      "type": "WEB",
      "url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027709"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8M9G-C3MM-HR68

Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-30 15:30
VLAI
Details

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-03T17:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.",
  "id": "GHSA-8m9g-c3mm-hr68",
  "modified": "2024-10-30T15:30:44Z",
  "published": "2024-10-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7825"
    },
    {
      "type": "WEB",
      "url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MWF-HVFP-6XFG

Vulnerability from github – Published: 2023-06-06 00:30 – Updated: 2025-10-22 00:32
VLAI
Details

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-05T22:15:12Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-8mwf-hvfp-6xfg",
  "modified": "2025-10-22T00:32:44Z",
  "published": "2023-06-06T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3079"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1450481"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-11"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3079"
    },
    {
      "type": "WEB",
      "url": "https://www.couchbase.com/alerts"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5420"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8MXC-VQRQ-GCM8

Vulnerability from github – Published: 2025-02-26 18:30 – Updated: 2025-03-02 03:30
VLAI
Details

jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-53427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T16:15:16Z",
    "severity": "HIGH"
  },
  "details": "jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.",
  "id": "GHSA-8mxc-vqrq-gcm8",
  "modified": "2025-03-02T03:30:31Z",
  "published": "2025-02-26T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53427"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jqlang/jq/issues/3196"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PGP-5CG5-C3CJ

Vulnerability from github – Published: 2025-05-27 18:30 – Updated: 2025-05-29 21:31
VLAI
Details

An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-27T17:15:25Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.",
  "id": "GHSA-8pgp-5cg5-c3cj",
  "modified": "2025-05-29T21:31:36Z",
  "published": "2025-05-27T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49196"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-49196"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8RFX-73JP-8RCR

Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32
VLAI
Details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21279"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T23:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
  "id": "GHSA-8rfx-73jp-8rcr",
  "modified": "2025-02-07T03:32:02Z",
  "published": "2025-02-07T03:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21279"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8RQH-8726-83H7

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2023-10-06 01:02
VLAI
Summary
ChakraCore RCE Vulnerability
Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8133"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-21T17:48:31Z",
    "nvd_published_at": "2018-05-09T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.",
  "id": "GHSA-8rqh-8726-83h7",
  "modified": "2023-10-06T01:02:03Z",
  "published": "2022-05-13T01:20:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8133"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/commit/1b56f9fedf078ce100d65e9e7661bf1cfdc63502"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chakra-core/ChakraCore"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8133"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124164259/http://www.securityfocus.com/bid/103982"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20211204185256/http://www.securitytracker.com/id/1040844"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44817"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ChakraCore RCE Vulnerability"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.