Common Weakness Enumeration

CWE-843

Allowed

Access of Resource Using Incompatible Type ('Type Confusion')

Abstraction: Base · Status: Incomplete

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

1041 vulnerabilities reference this CWE, most recent first.

GHSA-VMG4-JX97-RMVV

Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-30 15:30
VLAI
Details

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7824"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-03T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.",
  "id": "GHSA-vmg4-jx97-rmvv",
  "modified": "2024-10-30T15:30:44Z",
  "published": "2024-10-03T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7824"
    },
    {
      "type": "WEB",
      "url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP7P-4FXV-645Q

Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31
VLAI
Details

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-57975"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-03T21:17:01Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
  "id": "GHSA-vp7p-4fxv-645q",
  "modified": "2026-07-03T21:31:38Z",
  "published": "2026-07-03T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57975"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57975"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VP8R-986V-6QJ4

Vulnerability from github – Published: 2023-08-15 18:31 – Updated: 2025-05-05 18:32
VLAI
Details

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4352"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-15T18:15:11Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-vp8r-986v-6qj4",
  "modified": "2025-05-05T18:32:45Z",
  "published": "2023-08-15T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4352"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1452076"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-34"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5479"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPHQ-5544-C678

Vulnerability from github – Published: 2023-11-06 06:30 – Updated: 2023-11-13 21:30
VLAI
Details

In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32818"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-06T04:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 \u0026 ALPS08013430; Issue ID: ALPS07867715.",
  "id": "GHSA-vphq-5544-c678",
  "modified": "2023-11-13T21:30:57Z",
  "published": "2023-11-06T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32818"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VPVQ-FG2R-FRCR

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38
VLAI
Details

Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27293"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.",
  "id": "GHSA-vpvq-fg2r-frcr",
  "modified": "2022-05-24T17:38:35Z",
  "published": "2022-05-24T17:38:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27293"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-VQFX-GJ96-3W95

Vulnerability from github – Published: 2023-02-23 16:58 – Updated: 2023-02-23 16:58
VLAI
Summary
Unsafe fall-through in getWhereConditions
Details

Impact

Providing an invalid value to the where option of a query caused Sequelize to ignore that option instead of throwing an error.

A finder call like the following did not throw an error:

User.findAll({
  where: new Date(),
});

As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.

Patches

This issue has been patched in sequelize@6.28.1 & @sequelize/core@7.0.0.alpha-20

References

A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698

CVE: CVE-2023-22579 Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "sequelize"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.28.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "@sequelize/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.0-alpha.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-22579"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-23T16:58:56Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nProviding an invalid value to the `where` option of a query caused Sequelize to ignore that option instead of throwing an error. \n\nA finder call like the following did not throw an error:\n\n```ts\nUser.findAll({\n  where: new Date(),\n});\n```\n\nAs this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.\n\n### Patches\n\nThis issue has been patched in [`sequelize@6.28.1`](https://github.com/sequelize/sequelize/pull/15699) \u0026 [`@sequelize/core@7.0.0.alpha-20`](https://github.com/sequelize/sequelize/pull/15375)\n\n### References\n\nA discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698\n\nCVE:  CVE-2023-22579\nSnyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090",
  "id": "GHSA-vqfx-gj96-3w95",
  "modified": "2023-02-23T16:58:56Z",
  "published": "2023-02-23T16:58:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/pull/15375"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/pull/15699"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/CVE-2023-22579"
    },
    {
      "type": "WEB",
      "url": "https://csirt.divd.nl/DIVD-2022-00020"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sequelize/sequelize"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/discussions/15698"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unsafe fall-through in getWhereConditions"
}

GHSA-VQRV-V5Q9-26W8

Vulnerability from github – Published: 2024-02-05 06:30 – Updated: 2024-02-09 03:33
VLAI
Details

In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-05T06:15:47Z",
    "severity": "MODERATE"
  },
  "details": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.",
  "id": "GHSA-vqrv-v5q9-26w8",
  "modified": "2024-02-09T03:33:00Z",
  "published": "2024-02-05T06:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20010"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VR47-8W9Q-X3FW

Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30
VLAI
Details

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T17:16:04Z",
    "severity": "HIGH"
  },
  "details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
  "id": "GHSA-vr47-8w9q-x3fw",
  "modified": "2025-10-14T18:30:35Z",
  "published": "2025-10-14T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59233"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VRCJ-GPP3-5V75

Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2023-12-29 06:30
VLAI
Details

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-51428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-29T04:15:09Z",
    "severity": "MODERATE"
  },
  "details": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n",
  "id": "GHSA-vrcj-gpp3-5v75",
  "modified": "2023-12-29T06:30:29Z",
  "published": "2023-12-29T06:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51428"
    },
    {
      "type": "WEB",
      "url": "https://www.hihonor.com/global/security/cve-2023-51428"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VW7J-6J6F-VM86

Vulnerability from github – Published: 2022-10-24 19:00 – Updated: 2022-10-25 19:00
VLAI
Details

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3676"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-24T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.",
  "id": "GHSA-vw7j-6j6f-vm86",
  "modified": "2022-10-25T19:00:35Z",
  "published": "2022-10-24T19:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3676"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-openj9/openj9/pull/16122"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/omr/pull/6773"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.