CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-JG5C-2PC3-432M
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-01-13 18:31Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2026-20860"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T18:16:14Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-jg5c-2pc3-432m",
"modified": "2026-01-13T18:31:09Z",
"published": "2026-01-13T18:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20860"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20860"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JG9W-WM2G-X7H3
Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-12 00:00Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-0457"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-05T01:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-jg9w-wm2g-x7h3",
"modified": "2022-04-12T00:00:47Z",
"published": "2022-04-06T00:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0457"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1274445"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGH6-F95X-G8R7
Vulnerability from github – Published: 2025-09-17 21:30 – Updated: 2025-09-17 21:30Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25981.
{
"affected": [],
"aliases": [
"CVE-2025-7995"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-17T21:15:41Z",
"severity": "HIGH"
},
"details": "Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25981.",
"id": "GHSA-jgh6-f95x-g8r7",
"modified": "2025-09-17T21:30:43Z",
"published": "2025-09-17T21:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7995"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-717"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JGWV-FX37-24VQ
Vulnerability from github – Published: 2023-05-19 00:30 – Updated: 2024-04-04 04:14A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
{
"affected": [],
"aliases": [
"CVE-2023-25933"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-18T22:15:09Z",
"severity": "CRITICAL"
},
"details": "A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.",
"id": "GHSA-jgwv-fx37-24vq",
"modified": "2024-04-04T04:14:49Z",
"published": "2023-05-19T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25933"
},
{
"type": "WEB",
"url": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81"
},
{
"type": "WEB",
"url": "https://www.facebook.com/security/advisories/cve-2023-25933"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH8Q-F6HP-2RC7
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-59231"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:04Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-jh8q-f6hp-2rc7",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59231"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59231"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH98-GV77-C9CX
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.
{
"affected": [],
"aliases": [
"CVE-2021-40871"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-10T23:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a OPC/UA client. The client process may crash unexpectedly because of a wrong type cast, and must be restarted.",
"id": "GHSA-jh98-gv77-c9cx",
"modified": "2022-05-24T19:20:27Z",
"published": "2022-05-24T19:20:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40871"
},
{
"type": "WEB",
"url": "https://industrial.softing.com"
},
{
"type": "WEB",
"url": "https://industrial.softing.com/fileadmin/sof-files/pdf/ia/support/Security_Bulletin-CVE-2021-40871.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JHGF-XQJM-37VH
Vulnerability from github – Published: 2025-04-15 15:30 – Updated: 2025-04-15 15:30The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to PeerTube's "inbox" endpoint. By abusing the "Create Activity" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.
{
"affected": [],
"aliases": [
"CVE-2025-32948"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-15T15:16:09Z",
"severity": "HIGH"
},
"details": "The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send\u00a0ActivityPub activities to PeerTube\u0027s \"inbox\" endpoint. By abusing the \"Create Activity\" functionality, it is possible to create crafted playlists which will cause either denial of service or an attacker-controlled blind SSRF.",
"id": "GHSA-jhgf-xqjm-37vh",
"modified": "2025-04-15T15:30:54Z",
"published": "2025-04-15T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32948"
},
{
"type": "WEB",
"url": "https://github.com/Chocobozzz/PeerTube/releases/tag/v7.1.1"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/peertube-activitypub-playlist-creation-blind-ssrf-dos"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JJFJ-R463-G4C7
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
{
"affected": [],
"aliases": [
"CVE-2026-58295"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:04Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.",
"id": "GHSA-jjfj-r463-g4c7",
"modified": "2026-07-03T21:31:40Z",
"published": "2026-07-03T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58295"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58295"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JJVF-4CXJ-RQV4
Vulnerability from github – Published: 2025-01-09 21:31 – Updated: 2025-01-14 18:31Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.
{
"affected": [],
"aliases": [
"CVE-2024-13275"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-09T20:15:36Z",
"severity": "MODERATE"
},
"details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3.",
"id": "GHSA-jjvf-4cxj-rqv4",
"modified": "2025-01-14T18:31:55Z",
"published": "2025-01-09T21:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13275"
},
{
"type": "WEB",
"url": "https://www.drupal.org/sa-contrib-2024-039"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JM6V-MV47-P2GV
Vulnerability from github – Published: 2023-11-20 12:30 – Updated: 2023-11-20 12:30in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.
{
"affected": [],
"aliases": [
"CVE-2023-46705"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-20T12:15:08Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion.",
"id": "GHSA-jm6v-mv47-p2gv",
"modified": "2023-11-20T12:30:27Z",
"published": "2023-11-20T12:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46705"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2023/2023-12.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.