CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-GMJ3-JV2H-3MHJ
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2026-55024"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:13Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-gmj3-jv2h-3mhj",
"modified": "2026-07-14T18:32:32Z",
"published": "2026-07-14T18:32:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55024"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMJ9-H825-CHQ2
Vulnerability from github – Published: 2025-01-23 17:19 – Updated: 2025-01-23 23:17Impact
Via a type confusion bug in the CPython interpreter when using try/except* RestrictedPython could be bypassed.
We believe this should be fixed upstream in Python itself until that we remove support for try/except* from RestrictedPython.
(It has been fixed for some Python versions.)
Patches
Patched in version 8.0 by removing support for try/except* clauses
Workarounds
There is no workaround.
References
none
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "RestrictedPython"
},
"ranges": [
{
"events": [
{
"introduced": "6.0"
},
{
"fixed": "8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22153"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2025-01-23T17:19:34Z",
"nvd_published_at": "2025-01-23T18:15:33Z",
"severity": "HIGH"
},
"details": "### Impact\nVia a type confusion bug in the CPython interpreter when using `try/except*` RestrictedPython could be bypassed.\n\nWe believe this should be fixed upstream in Python itself until that we remove support for `try/except*` from RestrictedPython.\n(It has been fixed for some Python versions.)\n\n### Patches\nPatched in version 8.0 by removing support for `try/except*` clauses\n\n### Workarounds\nThere is no workaround.\n\n### References\nnone\n",
"id": "GHSA-gmj9-h825-chq2",
"modified": "2025-01-23T23:17:21Z",
"published": "2025-01-23T17:19:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22153"
},
{
"type": "WEB",
"url": "https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f"
},
{
"type": "PACKAGE",
"url": "https://github.com/zopefoundation/RestrictedPython"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter"
}
GHSA-GMJF-5WF6-PXG7
Vulnerability from github – Published: 2022-07-29 00:00 – Updated: 2022-08-05 00:00Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-2295"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-28T02:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-gmjf-5wf6-pxg7",
"modified": "2022-08-05T00:00:25Z",
"published": "2022-07-29T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2295"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1336869"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GMXF-QJ4V-RF52
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2025-10-22 00:32Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-30551"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-15T22:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-gmxf-qj4v-rf52",
"modified": "2025-10-22T00:32:18Z",
"published": "2022-05-24T19:05:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30551"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1216437"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAT6EOXVQFE6JFMFQF4IKAOUQSHMHL54"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202107-06"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30551"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GPX4-FQ76-5FJ9
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.
{
"affected": [],
"aliases": [
"CVE-2017-13220"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-12T23:29:00Z",
"severity": "HIGH"
},
"details": "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.",
"id": "GHSA-gpx4-fq76-5fj9",
"modified": "2022-05-13T01:43:06Z",
"published": "2022-05-13T01:43:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13220"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536155"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076537"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a"
},
{
"type": "WEB",
"url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-13220"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3655-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3655-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4187"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQCR-2578-3WC2
Vulnerability from github – Published: 2022-05-17 01:08 – Updated: 2025-04-12 12:56Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
{
"affected": [],
"aliases": [
"CVE-2016-0985"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-02-10T20:59:00Z",
"severity": "HIGH"
},
"details": "Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK \u0026 Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"",
"id": "GHSA-gqcr-2578-3wc2",
"modified": "2025-04-12T12:56:54Z",
"published": "2022-05-17T01:08:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0985"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-04.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201603-07"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/39461"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0166.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034970"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQFJ-PH97-XJRX
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-06-03 00:00A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2020-3897"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-01T18:15:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.",
"id": "GHSA-gqfj-ph97-xjrx",
"modified": "2022-06-03T00:00:39Z",
"published": "2022-05-24T17:13:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3897"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211101"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211102"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211103"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211104"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211105"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211106"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT211107"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4681"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/04/27/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQFX-G24J-XF8P
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2025-53143"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:38Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Message Queuing allows an authorized attacker to execute code over a network.",
"id": "GHSA-gqfx-g24j-xf8p",
"modified": "2025-08-12T18:31:31Z",
"published": "2025-08-12T18:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53143"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53143"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQQH-295F-W7WC
Vulnerability from github – Published: 2023-03-27 21:30 – Updated: 2023-04-03 21:32In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.
{
"affected": [],
"aliases": [
"CVE-2023-1077"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-27T21:15:00Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.",
"id": "GHSA-gqqh-295f-w7wc",
"modified": "2023-04-03T21:32:47Z",
"published": "2023-03-27T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1077"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230511-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GQW7-QW4R-9W8V
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2022-05-24 16:59Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
{
"affected": [],
"aliases": [
"CVE-2019-8169"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-17T21:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .",
"id": "GHSA-gqw7-qw4r-9w8v",
"modified": "2022-05-24T16:59:20Z",
"published": "2022-05-24T16:59:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8169"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb19-49.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.