CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-CCX5-JH35-2P3C
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-04-08 18:34Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-29791"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T18:16:05Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office allows an unauthorized attacker to execute code locally.",
"id": "GHSA-ccx5-jh35-2p3c",
"modified": "2025-04-08T18:34:57Z",
"published": "2025-04-08T18:34:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29791"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CF46-6XXH-PC75
Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2026-06-09 10:21In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Nokogiri prior to version 1.10.5 used a vulnerable version of libxslt. Nokogiri 1.10.5 updated libxslt to version 1.1.34 to address this and other vulnerabilities in libxslt.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "nokogiri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-13118"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-08T19:57:56Z",
"nvd_published_at": "2019-07-01T02:15:00Z",
"severity": "HIGH"
},
"details": "In `numbers.c` in libxslt 1.1.33, a type holding grouping characters of an `xsl:number` instruction was too narrow and an invalid character/length combination could be passed to `xsltNumberFormatDecimal`, leading to a read of uninitialized stack data.\n\nNokogiri prior to version 1.10.5 used a vulnerable version of libxslt. Nokogiri 1.10.5 updated libxslt to version 1.1.34 to address this and other vulnerabilities in libxslt.",
"id": "GHSA-cf46-6xxh-pc75",
"modified": "2026-06-09T10:21:50Z",
"published": "2022-05-24T16:49:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13118"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/issues/1943"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/commit/43a175339b47b8c604508813fc75b83f13cd173e"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/36"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/37"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/40"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/41"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/42"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190806-0004"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200122-0003"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210346"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210348"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210351"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210353"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210356"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210357"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210358"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4164-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/blob/f7aa3b0b29d6fe5fafe93dacd9b96b6b3d16b7ec/CHANGELOG.md?plain=1#L796"
},
{
"type": "WEB",
"url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.10.5"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ"
},
{
"type": "WEB",
"url": "https://oss-fuzz.com/testcase-detail/5197371471822848"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/21"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/22"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/23"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Aug/25"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Jul/35"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Aug/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Aug/13"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Aug/14"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Aug/15"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/22"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/23"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/24"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/26"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/31"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/37"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jul/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/11/17/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "libxslt Type Confusion vulnerability that affects Nokogiri"
}
GHSA-CF64-J332-F4VW
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-08-01 15:31In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-32919"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T21:15:55Z",
"severity": "HIGH"
},
"details": "In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-cf64-j332-f4vw",
"modified": "2024-08-01T15:31:48Z",
"published": "2024-06-13T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32919"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJ36-HXHV-2QXH
Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-06-30 03:35JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4698"
],
"database_specific": {
"cwe_ids": [
"CWE-733",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T13:16:05Z",
"severity": "CRITICAL"
},
"details": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, and Firefox ESR \u003c 140.9.",
"id": "GHSA-cj36-hxhv-2qxh",
"modified": "2026-06-30T03:35:59Z",
"published": "2026-03-24T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5930"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8290"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8427"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4698"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450719"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4698.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6917"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7837"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7838"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7839"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7841"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8284"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8286"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CM3G-QM4H-XM6M
Vulnerability from github – Published: 2025-05-24 03:30 – Updated: 2025-05-27 18:52In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "scsir"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48756"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-27T18:52:08Z",
"nvd_published_at": "2025-05-24T03:15:24Z",
"severity": "LOW"
},
"details": "In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.",
"id": "GHSA-cm3g-qm4h-xm6m",
"modified": "2025-05-27T18:52:08Z",
"published": "2025-05-24T03:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48756"
},
{
"type": "WEB",
"url": "https://github.com/maboroshinokiseki/scsir/issues/4"
},
{
"type": "WEB",
"url": "https://crates.io/crates/scsir"
},
{
"type": "PACKAGE",
"url": "https://github.com/maboroshinokiseki/scsir"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "SCSIR has a Potential Unsound Issue in WriteSameCommand"
}
GHSA-CPFC-7GPF-G4M4
Vulnerability from github – Published: 2022-08-02 00:00 – Updated: 2022-08-06 00:00In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.
{
"affected": [],
"aliases": [
"CVE-2022-26433"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-01T14:15:00Z",
"severity": "MODERATE"
},
"details": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400.",
"id": "GHSA-cpfc-7gpf-g4m4",
"modified": "2022-08-06T00:00:49Z",
"published": "2022-08-02T00:00:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26433"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/August-2022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQRX-3M42-5P5W
Vulnerability from github – Published: 2026-04-08 03:32 – Updated: 2026-04-13 21:30The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.
{
"affected": [],
"aliases": [
"CVE-2026-27144"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T02:16:03Z",
"severity": "HIGH"
},
"details": "The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.",
"id": "GHSA-cqrx-3m42-5p5w",
"modified": "2026-04-13T21:30:32Z",
"published": "2026-04-08T03:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"type": "WEB",
"url": "https://go.dev/cl/763764"
},
{
"type": "WEB",
"url": "https://go.dev/issue/78371"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CR8J-22Q7-88HM
Vulnerability from github – Published: 2023-06-06 15:30 – Updated: 2024-04-04 04:35In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.
{
"affected": [],
"aliases": [
"CVE-2023-20747"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-06T13:15:14Z",
"severity": "MODERATE"
},
"details": "In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121.",
"id": "GHSA-cr8j-22q7-88hm",
"modified": "2024-04-04T04:35:44Z",
"published": "2023-06-06T15:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20747"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/June-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CV6H-7P3X-Q58X
Vulnerability from github – Published: 2023-11-20 12:30 – Updated: 2023-11-20 12:30in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.
{
"affected": [],
"aliases": [
"CVE-2023-6045"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-20T12:15:09Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion.",
"id": "GHSA-cv6h-7p3x-q58x",
"modified": "2023-11-20T12:30:27Z",
"published": "2023-11-20T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6045"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-CV7X-J8XJ-R7M8
Vulnerability from github – Published: 2025-12-17 21:30 – Updated: 2025-12-17 21:30A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
{
"affected": [],
"aliases": [
"CVE-2025-43541"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-17T21:16:12Z",
"severity": "MODERATE"
},
"details": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.",
"id": "GHSA-cv7x-j8xj-r7m8",
"modified": "2025-12-17T21:30:50Z",
"published": "2025-12-17T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43541"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125884"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125885"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125886"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125891"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/125892"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.