Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-GMJ3-JV2H-3MHJ

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-55024"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:18:13Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-gmj3-jv2h-3mhj",
  "modified": "2026-07-14T18:32:32Z",
  "published": "2026-07-14T18:32:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55024"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GMJ9-H825-CHQ2

Vulnerability from github – Published: 2025-01-23 17:19 – Updated: 2025-01-23 23:17
VLAI
Summary
try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter
Details

Impact

Via a type confusion bug in the CPython interpreter when using try/except* RestrictedPython could be bypassed.

We believe this should be fixed upstream in Python itself until that we remove support for try/except* from RestrictedPython. (It has been fixed for some Python versions.)

Patches

Patched in version 8.0 by removing support for try/except* clauses

Workarounds

There is no workaround.

References

none

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "RestrictedPython"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0"
            },
            {
              "fixed": "8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-22153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-23T17:19:34Z",
    "nvd_published_at": "2025-01-23T18:15:33Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nVia a type confusion bug in the CPython interpreter when using `try/except*` RestrictedPython could be bypassed.\n\nWe believe this should be fixed upstream in Python itself until that we remove support for `try/except*` from RestrictedPython.\n(It has been fixed for some Python versions.)\n\n### Patches\nPatched in version 8.0 by removing support for `try/except*` clauses\n\n### Workarounds\nThere is no workaround.\n\n### References\nnone\n",
  "id": "GHSA-gmj9-h825-chq2",
  "modified": "2025-01-23T23:17:21Z",
  "published": "2025-01-23T17:19:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22153"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zopefoundation/RestrictedPython"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter"
}

GHSA-GMJF-5WF6-PXG7

Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-28T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-gmjf-5wf6-pxg7",
  "modified": "2022-08-05T00:00:25Z",
  "published": "2022-07-29T00:00:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2295"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1336869"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-35"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GMXF-QJ4V-RF52

Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2025-10-22 00:32
VLAI
Details

Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-30551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-15T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-gmxf-qj4v-rf52",
  "modified": "2025-10-22T00:32:18Z",
  "published": "2022-05-24T19:05:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30551"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1216437"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-06"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30551"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GPX4-FQ76-5FJ9

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43
VLAI
Details

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-13220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-12T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.",
  "id": "GHSA-gpx4-fq76-5fj9",
  "modified": "2022-05-13T01:43:06Z",
  "published": "2022-05-13T01:43:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13220"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a"
    },
    {
      "type": "WEB",
      "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2017-13220"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3655-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3655-2"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQCR-2578-3WC2

Vulnerability from github – Published: 2022-05-17 01:08 – Updated: 2025-04-12 12:56
VLAI
Details

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-0985"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-10T20:59:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"",
  "id": "GHSA-gqcr-2578-3wc2",
  "modified": "2025-04-12T12:56:54Z",
  "published": "2022-05-17T01:08:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0985"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201603-07"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39461"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQFJ-PH97-XJRX

Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-06-03 00:00
VLAI
Details

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3897"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-01T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.",
  "id": "GHSA-gqfj-ph97-xjrx",
  "modified": "2022-06-03T00:00:39Z",
  "published": "2022-05-24T17:13:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3897"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202006-08"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211101"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211102"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211103"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211104"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211105"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT211107"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4681"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/27/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQFX-G24J-XF8P

Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31
VLAI
Details

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53143"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-12T18:15:38Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Message Queuing allows an authorized attacker to execute code over a network.",
  "id": "GHSA-gqfx-g24j-xf8p",
  "modified": "2025-08-12T18:31:31Z",
  "published": "2025-08-12T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53143"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53143"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQQH-295F-W7WC

Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-04-03 21:32
VLAI
Details

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-27T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.",
  "id": "GHSA-gqqh-295f-w7wc",
  "modified": "2023-04-03T21:32:47Z",
  "published": "2023-03-27T21:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1077"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230511-0002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQW7-QW4R-9W8V

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59
VLAI
Details

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-17T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",
  "id": "GHSA-gqw7-qw4r-9w8v",
  "modified": "2022-05-24T16:59:20Z",
  "published": "2022-05-24T16:59:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8169"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.