Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-MJR4-7XG5-PFVH

Vulnerability from github – Published: 2024-05-02 21:30 – Updated: 2024-11-25 19:27
VLAI
Summary
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Details

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "libxmljs2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.33.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-34393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-03T17:32:58Z",
    "nvd_published_at": "2024-05-02T19:15:06Z",
    "severity": "CRITICAL"
  },
  "details": "libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.",
  "id": "GHSA-mjr4-7xg5-pfvh",
  "modified": "2024-11-25T19:27:49Z",
  "published": "2024-05-02T21:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34393"
    },
    {
      "type": "WEB",
      "url": "https://github.com/marudor/libxmljs2/issues/204"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/marudor/libxmljs2"
    },
    {
      "type": "WEB",
      "url": "https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "libxmljs2 type confusion vulnerability when parsing specially crafted XML"
}

GHSA-MMG8-87C5-JRC2

Vulnerability from github – Published: 2026-04-01 00:07 – Updated: 2026-04-01 00:07
VLAI
Summary
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value
Details

Impact

An authenticated user with find class-level permission can bypass the protectedFields class-level permission setting on LiveQuery subscriptions. By sending a subscription with a $or, $and, or $nor operator value as a plain object with numeric keys and a length property (an "array-like" object) instead of an array, the protected-field guard is bypassed. The subscription event firing acts as a binary oracle, allowing the attacker to infer whether a protected field matches a given test value.

Patches

The fix validates that $or, $and, and $nor operator values are arrays in the LiveQuery subscription handler, the query depth checker, and the protected-field guard. As defense in depth, the LiveQuery query evaluator also rejects non-array values for these operators.

Workarounds

There is no known workaround.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "9.7.0-alpha.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.6.70"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T00:07:39Z",
    "nvd_published_at": "2026-03-31T16:16:34Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAn authenticated user with `find` class-level permission can bypass the `protectedFields` class-level permission setting on LiveQuery subscriptions. By sending a subscription with a `$or`, `$and`, or `$nor` operator value as a plain object with numeric keys and a `length` property (an \"array-like\" object) instead of an array, the protected-field guard is bypassed. The subscription event firing acts as a binary oracle, allowing the attacker to infer whether a protected field matches a given test value.\n\n### Patches\n\nThe fix validates that `$or`, `$and`, and `$nor` operator values are arrays in the LiveQuery subscription handler, the query depth checker, and the protected-field guard. As defense in depth, the LiveQuery query evaluator also rejects non-array values for these operators.\n\n### Workarounds\n\nThere is no known workaround.",
  "id": "GHSA-mmg8-87c5-jrc2",
  "modified": "2026-04-01T00:07:39Z",
  "published": "2026-04-01T00:07:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-mmg8-87c5-jrc2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34595"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10350"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/10351"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/f63fd1a3fe0a7c1c5fe809f01b0e04759e8c9b98"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/ffad0ec6b971ee0dd9545e1bf1fb34ddebf275c2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value"
}

GHSA-MQ6H-8Q58-F5GV

Vulnerability from github – Published: 2025-02-07 03:32 – Updated: 2025-02-07 03:32
VLAI
Details

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-21408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-06T23:15:09Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
  "id": "GHSA-mq6h-8q58-f5gv",
  "modified": "2025-02-07T03:32:03Z",
  "published": "2025-02-07T03:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21408"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21408"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQMR-46GM-2W7Q

Vulnerability from github – Published: 2022-05-02 06:11 – Updated: 2024-02-02 03:30
VLAI
Details

Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2010-0258"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-03-10T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka \"Microsoft Office Excel Sheet Object Type Confusion Vulnerability.\"",
  "id": "GHSA-mqmr-46gm-2w7q",
  "modified": "2024-02-02T03:30:31Z",
  "published": "2022-05-02T06:11:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0258"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-017"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8545"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=859"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023698"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA10-068A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MQR8-97CV-5WH9

Vulnerability from github – Published: 2022-02-10 00:00 – Updated: 2022-02-10 00:00
VLAI
Details

A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46152"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-09T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183)",
  "id": "GHSA-mqr8-97cv-5wh9",
  "modified": "2022-02-10T00:00:27Z",
  "published": "2022-02-10T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46152"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-293"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-294"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-295"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-296"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MR65-2HJP-XXVG

Vulnerability from github – Published: 2023-03-08 00:30 – Updated: 2023-03-11 03:30
VLAI
Details

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1214"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-07T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-mr65-2hjp-xxvg",
  "modified": "2023-03-11T03:30:17Z",
  "published": "2023-03-08T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1214"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1412487"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MRJQ-F7FW-FMG2

Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-03-30 00:01
VLAI
Details

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34866"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-25T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.",
  "id": "GHSA-mrjq-f7fw-fmg2",
  "modified": "2022-03-30T00:01:52Z",
  "published": "2022-01-26T00:01:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34866"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220217-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MRRG-439G-X65P

Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-03-24 21:31
VLAI
Details

JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-4702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-24T13:16:06Z",
    "severity": "CRITICAL"
  },
  "details": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149 and Firefox ESR \u003c 140.9.",
  "id": "GHSA-mrrg-439g-x65p",
  "modified": "2026-03-24T21:31:22Z",
  "published": "2026-03-24T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4702"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MV75-QM55-5JJF

Vulnerability from github – Published: 2024-06-10 18:31 – Updated: 2024-06-12 18:30
VLAI
Details

Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5597"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-10T17:16:35Z",
    "severity": "HIGH"
  },
  "details": "Fuji Electric Monitouch V-SFT\u00a0is vulnerable to a type confusion, which could cause a crash or code execution.",
  "id": "GHSA-mv75-qm55-5jjf",
  "modified": "2024-06-12T18:30:40Z",
  "published": "2024-06-10T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5597"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-151-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVJ2-3QFG-7MXP

Vulnerability from github – Published: 2026-04-15 21:30 – Updated: 2026-04-15 21:30
VLAI
Details

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-15T20:16:43Z",
    "severity": "HIGH"
  },
  "details": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)",
  "id": "GHSA-mvj2-3qfg-7mxp",
  "modified": "2026-04-15T21:30:19Z",
  "published": "2026-04-15T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6363"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/495751197"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.