CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-M832-C36H-PR9R
Vulnerability from github – Published: 2023-05-29 03:30 – Updated: 2024-04-04 04:22OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
{
"affected": [],
"aliases": [
"CVE-2023-24599"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-29T03:15:09Z",
"severity": "MODERATE"
},
"details": "OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka \"ID confusion.\"",
"id": "GHSA-m832-c36h-pr9r",
"modified": "2024-04-04T04:22:26Z",
"published": "2023-05-29T03:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24599"
},
{
"type": "WEB",
"url": "https://open-xchange.com"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/May/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M8QW-RFH7-66F9
Vulnerability from github – Published: 2026-07-01 00:34 – Updated: 2026-07-01 03:35Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2026-14119"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T23:17:23Z",
"severity": "MODERATE"
},
"details": "Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low)",
"id": "GHSA-m8qw-rfh7-66f9",
"modified": "2026-07-01T03:35:23Z",
"published": "2026-07-01T00:34:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14119"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/513775483"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-M8XH-CQC2-5Q6F
Vulnerability from github – Published: 2022-03-29 00:01 – Updated: 2022-04-01 17:14ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "impresscms/impresscms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26600"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-01T17:14:56Z",
"nvd_published_at": "2022-03-28T01:15:00Z",
"severity": "CRITICAL"
},
"details": "ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).",
"id": "GHSA-m8xh-cqc2-5q6f",
"modified": "2022-04-01T17:14:56Z",
"published": "2022-03-29T00:01:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26600"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1081986"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImpressCMS/impresscms"
},
{
"type": "WEB",
"url": "https://github.com/ImpressCMS/impresscms/releases/tag/v1.4.3"
},
{
"type": "WEB",
"url": "http://karmainsecurity.com/KIS-2022-01"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/166393/ImpressCMS-1.4.2-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Mar/43"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Type Confusion in ImpressCMS"
}
GHSA-MC2W-PHMV-5VHG
Vulnerability from github – Published: 2026-04-14 18:30 – Updated: 2026-04-14 18:30Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-20806"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-14T18:16:42Z",
"severity": "MODERATE"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Windows COM allows an authorized attacker to disclose information locally.",
"id": "GHSA-mc2w-phmv-5vhg",
"modified": "2026-04-14T18:30:36Z",
"published": "2026-04-14T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20806"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20806"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MC8V-MGRF-8F4M
Vulnerability from github – Published: 2021-11-18 16:13 – Updated: 2021-12-13 13:12Impact
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently.
Patches
The OCI Distribution Specification will be updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations.
Workarounds
Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields.
References
https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
For more information
If you have any questions or comments about this advisory: * Open an issue in https://github.com/opencontainers/distribution-spec/ * Email us at security@opencontainers.org
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/opencontainers/distribution-spec"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41190"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-17T23:13:37Z",
"nvd_published_at": "2021-11-17T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nIn the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both \u201cmanifests\u201d and \u201clayers\u201d fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently.\n\n### Patches\nThe OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations.\n\n### Workarounds\nClients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both \u201cmanifests\u201d and \u201clayers\u201d fields or \u201cmanifests\u201d and \u201cconfig\u201d fields.\n\n### References\nhttps://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/opencontainers/distribution-spec/\n* Email us at security@opencontainers.org\n",
"id": "GHSA-mc8v-mgrf-8f4m",
"modified": "2021-12-13T13:12:02Z",
"published": "2021-11-18T16:13:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190"
},
{
"type": "WEB",
"url": "https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923"
},
{
"type": "PACKAGE",
"url": "https://github.com/opencontainers/distribution-spec"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/11/19/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Clarify Content-Type handling"
}
GHSA-MG49-JQGW-GCJ6
Vulnerability from github – Published: 2024-05-02 21:30 – Updated: 2024-11-18 16:26libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "libxmljs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-34392"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-03T20:24:04Z",
"nvd_published_at": "2024-05-02T19:15:06Z",
"severity": "CRITICAL"
},
"details": "libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the `namespaces()` function (which invokes `_wrap__xmlNode_nsDef_get()`) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.",
"id": "GHSA-mg49-jqgw-gcj6",
"modified": "2024-11-18T16:26:40Z",
"published": "2024-05-02T21:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34392"
},
{
"type": "WEB",
"url": "https://github.com/libxmljs/libxmljs/issues/646"
},
{
"type": "PACKAGE",
"url": "https://github.com/libxmljs/libxmljs"
},
{
"type": "WEB",
"url": "https://research.jfrog.com/vulnerabilities/libxmljs-namespaces-type-confusion-rce-jfsa-2024-001034096"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "libxmljs vulnerable to type confusion when parsing specially crafted XML "
}
GHSA-MH9G-8CMW-MV9M
Vulnerability from github – Published: 2026-06-05 00:31 – Updated: 2026-06-05 03:31Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-10910"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-04T23:16:52Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mh9g-8cmw-mv9m",
"modified": "2026-06-05T03:31:30Z",
"published": "2026-06-05T00:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10910"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/508811477"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHX4-XRCQ-H9G5
Vulnerability from github – Published: 2023-01-26 21:30 – Updated: 2023-02-01 18:30In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963
{
"affected": [],
"aliases": [
"CVE-2022-20461"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-26T21:15:00Z",
"severity": "HIGH"
},
"details": "In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-228602963",
"id": "GHSA-mhx4-xrcq-h9g5",
"modified": "2023-02-01T18:30:31Z",
"published": "2023-01-26T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20461"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-01-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ34-7H26-PJ8G
Vulnerability from github – Published: 2022-05-24 16:50 – Updated: 2023-02-02 15:30A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
{
"affected": [],
"aliases": [
"CVE-2019-11706"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-23T14:15:00Z",
"severity": "HIGH"
},
"details": "A flaw in Thunderbird\u0027s implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird \u003c 60.7.1.",
"id": "GHSA-mj34-7h26-pj8g",
"modified": "2023-02-02T15:30:36Z",
"published": "2022-05-24T16:50:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11706"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555646"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201908-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2019-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ9C-F5V6-7665
Vulnerability from github – Published: 2025-07-01 00:30 – Updated: 2025-10-22 00:33Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2025-6554"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-30T22:15:29Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-mj9c-f5v6-7665",
"modified": "2025-10-22T00:33:18Z",
"published": "2025-07-01T00:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6554"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/427663123"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6554"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.