CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-8HF9-GGCP-8C36
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6537"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"id": "GHSA-8hf9-ggcp-8c36",
"modified": "2022-05-24T17:29:05Z",
"published": "2022-05-24T17:29:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6537"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1105318"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE7XWIZBME7JAY7N6CGPET4CLNHHEIVT"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-8J4M-CFH3-2VC4
Vulnerability from github – Published: 2023-04-20 00:30 – Updated: 2024-04-04 03:36Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.
{
"affected": [],
"aliases": [
"CVE-2021-33970"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-19T22:15:10Z",
"severity": "CRITICAL"
},
"details": "Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.",
"id": "GHSA-8j4m-cfh3-2vc4",
"modified": "2024-04-04T03:36:24Z",
"published": "2023-04-20T00:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33970"
},
{
"type": "WEB",
"url": "https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html"
},
{
"type": "WEB",
"url": "https://pastebin.com/Qug7tquW"
},
{
"type": "WEB",
"url": "https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M69-P3VJ-FHQC
Vulnerability from github – Published: 2026-05-20 21:31 – Updated: 2026-05-20 21:31Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-9117"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-20T20:16:43Z",
"severity": "HIGH"
},
"details": "Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: High)",
"id": "GHSA-8m69-p3vj-fhqc",
"modified": "2026-05-20T21:31:33Z",
"published": "2026-05-20T21:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9117"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_0841193308.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/497542537"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M6Q-HJ66-2CMR
Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2023-02-02 18:31The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
{
"affected": [],
"aliases": [
"CVE-2012-4512"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to \"type confusion.\"",
"id": "GHSA-8m6q-hj66-2cmr",
"modified": "2023-02-02T18:31:06Z",
"published": "2022-04-23T00:40:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4512"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1416"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1418"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-4512"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=865779"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
},
{
"type": "WEB",
"url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
},
{
"type": "WEB",
"url": "http://quickgit.kde.org/index.php?p=kdelibs.git\u0026a=commitdiff\u0026h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51097"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/51145"
},
{
"type": "WEB",
"url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027709"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8M9G-C3MM-HR68
Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-30 15:30Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
{
"affected": [],
"aliases": [
"CVE-2024-7825"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-03T17:15:15Z",
"severity": "MODERATE"
},
"details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.",
"id": "GHSA-8m9g-c3mm-hr68",
"modified": "2024-10-30T15:30:44Z",
"published": "2024-10-03T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7825"
},
{
"type": "WEB",
"url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MWF-HVFP-6XFG
Vulnerability from github – Published: 2023-06-06 00:30 – Updated: 2025-10-22 00:32Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-3079"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-05T22:15:12Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-8mwf-hvfp-6xfg",
"modified": "2025-10-22T00:32:44Z",
"published": "2023-06-06T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3079"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1450481"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3079"
},
{
"type": "WEB",
"url": "https://www.couchbase.com/alerts"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5420"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MXC-VQRQ-GCM8
Vulnerability from github – Published: 2025-02-26 18:30 – Updated: 2025-03-02 03:30jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.
{
"affected": [],
"aliases": [
"CVE-2024-53427"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T16:15:16Z",
"severity": "HIGH"
},
"details": "jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.",
"id": "GHSA-8mxc-vqrq-gcm8",
"modified": "2025-03-02T03:30:31Z",
"published": "2025-02-26T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53427"
},
{
"type": "WEB",
"url": "https://github.com/jqlang/jq/issues/3196"
},
{
"type": "WEB",
"url": "https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92"
},
{
"type": "WEB",
"url": "https://github.com/jqlang/jq/blob/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297/src/decNumber/decNumber.c#L3375"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8PGP-5CG5-C3CJ
Vulnerability from github – Published: 2025-05-27 18:30 – Updated: 2025-05-29 21:31An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2024-49196"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-27T17:15:25Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the GPU in Samsung Mobile Processor Exynos 1480 and 2400. Type confusion leads to a Denial of Service.",
"id": "GHSA-8pgp-5cg5-c3cj",
"modified": "2025-05-29T21:31:36Z",
"published": "2025-05-27T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49196"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
},
{
"type": "WEB",
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-49196"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8RFX-73JP-8RCR
Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2025-21279"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-06T23:15:09Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"id": "GHSA-8rfx-73jp-8rcr",
"modified": "2025-02-07T03:32:02Z",
"published": "2025-02-07T03:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21279"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21279"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8RQH-8726-83H7
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2023-10-06 01:02A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.ChakraCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-8133"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-21T17:48:31Z",
"nvd_published_at": "2018-05-09T19:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.",
"id": "GHSA-8rqh-8726-83h7",
"modified": "2023-10-06T01:02:03Z",
"published": "2022-05-13T01:20:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8133"
},
{
"type": "WEB",
"url": "https://github.com/chakra-core/ChakraCore/commit/1b56f9fedf078ce100d65e9e7661bf1cfdc63502"
},
{
"type": "PACKAGE",
"url": "https://github.com/chakra-core/ChakraCore"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8133"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124164259/http://www.securityfocus.com/bid/103982"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20211204185256/http://www.securitytracker.com/id/1040844"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44817"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "ChakraCore RCE Vulnerability"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.