CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-G2XR-GX3H-VPC9
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2025-10-22 00:32Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-21224"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-26T17:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"id": "GHSA-g2xr-gx3h-vpc9",
"modified": "2025-10-22T00:32:07Z",
"published": "2022-05-24T17:48:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21224"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1195777"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21224"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G328-W23G-XXVF
Vulnerability from github – Published: 2025-01-30 21:31 – Updated: 2025-01-30 21:31Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.
{
"affected": [],
"aliases": [
"CVE-2025-0147"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-30T20:15:35Z",
"severity": "HIGH"
},
"details": "Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.",
"id": "GHSA-g328-w23g-xxvf",
"modified": "2025-01-30T21:31:23Z",
"published": "2025-01-30T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0147"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G4GJ-M346-585C
Vulnerability from github – Published: 2024-10-23 00:31 – Updated: 2024-10-25 18:30Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-10230"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-22T22:15:03Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-g4gj-m346-585c",
"modified": "2024-10-25T18:30:48Z",
"published": "2024-10-23T00:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10230"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/371565065"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G4MF-V8C5-8RJM
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-54116"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:07Z",
"severity": "MODERATE"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in SQL Server allows an authorized attacker to disclose information over a network.",
"id": "GHSA-g4mf-v8c5-8rjm",
"modified": "2026-07-14T18:32:31Z",
"published": "2026-07-14T18:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54116"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54116"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G4RW-8M5Q-6453
Vulnerability from github – Published: 2021-08-25 20:45 – Updated: 2023-06-13 20:26Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so.
Safety violation possible for a type wrapped in RGB and similar wrapper structures:
- If T contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory.
- If T contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers.
- Any safety and/or validity invariants for T may be violated.
The issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rgb"
},
"ranges": [
{
"events": [
{
"introduced": "0.5.4"
},
{
"fixed": "0.8.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-25016"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:21:37Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB\u003cT\u003e as bytes, and do not correctly constrain RGB\u003cT\u003e and other wrapper structures to the types for which it is safe to do so.\n\nSafety violation possible for a type wrapped in RGB\u003cT\u003e and similar wrapper structures:\n\n* If T contains padding, viewing it as bytes may lead to exposure of contents of uninitialized memory.\n* If T contains a pointer, modifying it as bytes may lead to dereferencing of arbitrary pointers.\n* Any safety and/or validity invariants for T may be violated.\n\nThe issue was resolved by requiring all types wrapped in structures provided by RGB crate to implement an unsafe marker trait.",
"id": "GHSA-g4rw-8m5q-6453",
"modified": "2023-06-13T20:26:14Z",
"published": "2021-08-25T20:45:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25016"
},
{
"type": "WEB",
"url": "https://github.com/kornelski/rust-rgb/issues/35"
},
{
"type": "PACKAGE",
"url": "https://github.com/kornelski/rust-rgb"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0029.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Out of bounds access in rgb"
}
GHSA-G4VH-HH62-JGQC
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 18:31Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security severity: Medium)
{
"affected": [],
"aliases": [
"CVE-2026-11196"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:17:26Z",
"severity": "MODERATE"
},
"details": "Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security severity: Medium)",
"id": "GHSA-g4vh-hh62-jgqc",
"modified": "2026-06-05T18:31:38Z",
"published": "2026-06-05T00:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11196"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/503879106"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G5C6-866R-Q623
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.
{
"affected": [],
"aliases": [
"CVE-2017-14825"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-20T14:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the remove method of XFAScriptObject objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5017.",
"id": "GHSA-g5c6-866r-q623",
"modified": "2022-05-13T01:37:37Z",
"published": "2022-05-13T01:37:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14825"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-869"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G5PM-RQ4W-Q5JW
Vulnerability from github – Published: 2024-07-01 06:31 – Updated: 2024-07-03 18:47In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.
{
"affected": [],
"aliases": [
"CVE-2024-20078"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-01T05:15:04Z",
"severity": "CRITICAL"
},
"details": "In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08737250; Issue ID: MSV-1452.",
"id": "GHSA-g5pm-rq4w-q5jw",
"modified": "2024-07-03T18:47:28Z",
"published": "2024-07-01T06:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20078"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G63V-HWV9-J9Q5
Vulnerability from github – Published: 2023-08-03 03:30 – Updated: 2023-11-25 12:30Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-4069"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-03T01:15:11Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-g63v-hwv9-j9q5",
"modified": "2023-11-25T12:30:22Z",
"published": "2023-08-03T03:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4069"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1465326"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G779-VPJ7-V6C4
Vulnerability from github – Published: 2024-06-20 00:30 – Updated: 2024-06-21 15:31Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2024-6100"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-20T00:15:09Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-g779-vpj7-v6c4",
"modified": "2024-06-21T15:31:05Z",
"published": "2024-06-20T00:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6100"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/344608204"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HYUEHZ35ZPY2EONVZCGO6LPT3AMLZCP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5NRNCEYS246CYGOR32MF7OGKWOWER22"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.