CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-C4GJ-HH7R-67QF
Vulnerability from github – Published: 2023-01-09 09:30 – Updated: 2023-01-13 03:30Memory corruption in video driver due to type confusion error during video playback
{
"affected": [],
"aliases": [
"CVE-2022-25721"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-09T08:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption in video driver due to type confusion error during video playback",
"id": "GHSA-c4gj-hh7r-67qf",
"modified": "2023-01-13T03:30:18Z",
"published": "2023-01-09T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25721"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C4JP-353R-RG52
Vulnerability from github – Published: 2026-05-06 21:31 – Updated: 2026-05-07 01:05Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-7927"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T19:16:41Z",
"severity": "HIGH"
},
"details": "Type Confusion in Runtime in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-c4jp-353r-rg52",
"modified": "2026-05-07T01:05:50Z",
"published": "2026-05-06T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7927"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/502830119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5HW-5P2J-XQG7
Vulnerability from github – Published: 2023-02-27 21:30 – Updated: 2025-10-22 00:32A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
{
"affected": [],
"aliases": [
"CVE-2023-23529"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-27T20:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
"id": "GHSA-c5hw-5p2j-xqg7",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-02-27T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23529"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213633"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213635"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213638"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213673"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23529"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Mar/20"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/May/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C5X4-RJX4-C2HR
Vulnerability from github – Published: 2024-03-04 09:30 – Updated: 2024-03-04 09:30in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
{
"affected": [],
"aliases": [
"CVE-2023-49602"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-04T07:15:08Z",
"severity": "LOW"
},
"details": "in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.",
"id": "GHSA-c5x4-rjx4-c2hr",
"modified": "2024-03-04T09:30:29Z",
"published": "2024-03-04T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49602"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-C6CV-PQXG-8VV6
Vulnerability from github – Published: 2022-05-12 00:00 – Updated: 2022-05-21 00:00Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.
{
"affected": [],
"aliases": [
"CVE-2022-30557"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-11T20:15:00Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.",
"id": "GHSA-c6cv-pqxg-8vv6",
"modified": "2022-05-21T00:00:41Z",
"published": "2022-05-12T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30557"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C736-4V3X-HR9Q
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-10962"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:16:59Z",
"severity": "HIGH"
},
"details": "Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-c736-4v3x-hr9q",
"modified": "2026-06-05T03:31:32Z",
"published": "2026-06-05T00:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10962"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/511006880"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C838-PJ7M-89Q4
Vulnerability from github – Published: 2022-05-24 17:46 – Updated: 2025-10-22 00:32A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2021-1789"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-02T18:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-c838-pj7m-89q4",
"modified": "2025-10-22T00:32:06Z",
"published": "2022-05-24T17:46:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1789"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-03"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212146"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212147"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212148"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212149"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT212152"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C87G-9RMQ-C4M3
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-10935"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:16:56Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-c87g-9rmq-c4m3",
"modified": "2026-06-05T03:31:31Z",
"published": "2026-06-05T00:31:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10935"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/501898683"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C9HP-6RXJ-H2WX
Vulnerability from github – Published: 2025-11-06 21:31 – Updated: 2025-11-24 21:30SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the processing of the ‘module’ parameter within the ‘deleteAttachment’ functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.
{
"affected": [],
"aliases": [
"CVE-2022-50590"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-06T20:15:36Z",
"severity": "HIGH"
},
"details": "SuiteCRM versions prior to 7.12.6 contain a type confusion vulnerability within the\u00a0processing of the \u2018module\u2019 parameter within the \u2018deleteAttachment\u2019 functionality. Successful exploitation allows remote unauthenticated attackers to alter database objects including changing the email address of the administrator.",
"id": "GHSA-c9hp-6rxj-h2wx",
"modified": "2025-11-24T21:30:57Z",
"published": "2025-11-06T21:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50590"
},
{
"type": "WEB",
"url": "https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-deleteattachment-type-confusion-vulnerability"
},
{
"type": "WEB",
"url": "https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/suitecrm-type-confusion-via-deleteattachment-functionality"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C9P7-W5RM-3WW2
Vulnerability from github – Published: 2024-07-02 09:32 – Updated: 2024-07-02 09:32in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
{
"affected": [],
"aliases": [
"CVE-2024-31071"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-02T09:15:18Z",
"severity": "LOW"
},
"details": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.",
"id": "GHSA-c9p7-w5rm-3ww2",
"modified": "2024-07-02T09:32:07Z",
"published": "2024-07-02T09:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31071"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-07.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.