CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-VMG4-JX97-RMVV
Vulnerability from github – Published: 2024-10-03 18:30 – Updated: 2024-10-30 15:30Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.
{
"affected": [],
"aliases": [
"CVE-2024-7824"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-03T17:15:14Z",
"severity": "MODERATE"
},
"details": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.",
"id": "GHSA-vmg4-jx97-rmvv",
"modified": "2024-10-30T15:30:44Z",
"published": "2024-10-03T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7824"
},
{
"type": "WEB",
"url": "https://answers.webroot.com/Webroot/ukp.aspx?pid=12\u0026app=vw\u0026vw=1\u0026login=1\u0026json=1\u0026solutionid=4275"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VP7P-4FXV-645Q
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
{
"affected": [],
"aliases": [
"CVE-2026-57975"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:01Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.",
"id": "GHSA-vp7p-4fxv-645q",
"modified": "2026-07-03T21:31:38Z",
"published": "2026-07-03T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57975"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57975"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VP8R-986V-6QJ4
Vulnerability from github – Published: 2023-08-15 18:31 – Updated: 2025-05-05 18:32Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-4352"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-15T18:15:11Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-vp8r-986v-6qj4",
"modified": "2025-05-05T18:32:45Z",
"published": "2023-08-15T18:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4352"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1452076"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5479"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPHQ-5544-C678
Vulnerability from github – Published: 2023-11-06 06:30 – Updated: 2023-11-13 21:30In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.
{
"affected": [],
"aliases": [
"CVE-2023-32818"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T04:15:07Z",
"severity": "MODERATE"
},
"details": "In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 \u0026 ALPS08013430; Issue ID: ALPS07867715.",
"id": "GHSA-vphq-5544-c678",
"modified": "2023-11-13T21:30:57Z",
"published": "2023-11-06T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32818"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VPVQ-FG2R-FRCR
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.
{
"affected": [],
"aliases": [
"CVE-2020-27293"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-11T16:15:00Z",
"severity": "HIGH"
},
"details": "Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type confusion issue while processing project files, which may allow an attacker to execute arbitrary code.",
"id": "GHSA-vpvq-fg2r-frcr",
"modified": "2022-05-24T17:38:35Z",
"published": "2022-05-24T17:38:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27293"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-007-04"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-045"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VQFX-GJ96-3W95
Vulnerability from github – Published: 2023-02-23 16:58 – Updated: 2023-02-23 16:58Impact
Providing an invalid value to the where option of a query caused Sequelize to ignore that option instead of throwing an error.
A finder call like the following did not throw an error:
User.findAll({
where: new Date(),
});
As this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.
Patches
This issue has been patched in sequelize@6.28.1 & @sequelize/core@7.0.0.alpha-20
References
A discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698
CVE: CVE-2023-22579 Snyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "sequelize"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.28.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@sequelize/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0-alpha.20"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-22579"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-23T16:58:56Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\n\nProviding an invalid value to the `where` option of a query caused Sequelize to ignore that option instead of throwing an error. \n\nA finder call like the following did not throw an error:\n\n```ts\nUser.findAll({\n where: new Date(),\n});\n```\n\nAs this option is typically used with plain javascript objects, be aware that this only happens at the top level of this option.\n\n### Patches\n\nThis issue has been patched in [`sequelize@6.28.1`](https://github.com/sequelize/sequelize/pull/15699) \u0026 [`@sequelize/core@7.0.0.alpha-20`](https://github.com/sequelize/sequelize/pull/15375)\n\n### References\n\nA discussion thread about this issue is open at https://github.com/sequelize/sequelize/discussions/15698\n\nCVE: CVE-2023-22579\nSnyk: https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090",
"id": "GHSA-vqfx-gj96-3w95",
"modified": "2023-02-23T16:58:56Z",
"published": "2023-02-23T16:58:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/security/advisories/GHSA-vqfx-gj96-3w95"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22579"
},
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/pull/15375"
},
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/pull/15699"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/CVE-2023-22579"
},
{
"type": "WEB",
"url": "https://csirt.divd.nl/DIVD-2022-00020"
},
{
"type": "PACKAGE",
"url": "https://github.com/sequelize/sequelize"
},
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/discussions/15698"
},
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/releases/tag/v6.28.1"
},
{
"type": "WEB",
"url": "https://github.com/sequelize/sequelize/releases/tag/v7.0.0-alpha.20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Unsafe fall-through in getWhereConditions"
}
GHSA-VQRV-V5Q9-26W8
Vulnerability from github – Published: 2024-02-05 06:30 – Updated: 2024-02-09 03:33In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.
{
"affected": [],
"aliases": [
"CVE-2024-20010"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T06:15:47Z",
"severity": "MODERATE"
},
"details": "In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.",
"id": "GHSA-vqrv-v5q9-26w8",
"modified": "2024-02-09T03:33:00Z",
"published": "2024-02-05T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20010"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VR47-8W9Q-X3FW
Vulnerability from github – Published: 2025-10-14 18:30 – Updated: 2025-10-14 18:30Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
{
"affected": [],
"aliases": [
"CVE-2025-59233"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-14T17:16:04Z",
"severity": "HIGH"
},
"details": "Access of resource using incompatible type (\u0027type confusion\u0027) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.",
"id": "GHSA-vr47-8w9q-x3fw",
"modified": "2025-10-14T18:30:35Z",
"published": "2025-10-14T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59233"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRCJ-GPP3-5V75
Vulnerability from github – Published: 2023-12-29 06:30 – Updated: 2023-12-29 06:30Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.
{
"affected": [],
"aliases": [
"CVE-2023-51428"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-29T04:15:09Z",
"severity": "MODERATE"
},
"details": "\nSome Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.\n\n",
"id": "GHSA-vrcj-gpp3-5v75",
"modified": "2023-12-29T06:30:29Z",
"published": "2023-12-29T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51428"
},
{
"type": "WEB",
"url": "https://www.hihonor.com/global/security/cve-2023-51428"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-VW7J-6J6F-VM86
Vulnerability from github – Published: 2022-10-24 19:00 – Updated: 2022-10-25 19:00In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.
{
"affected": [],
"aliases": [
"CVE-2022-3676"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-24T14:15:00Z",
"severity": "MODERATE"
},
"details": "In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type.",
"id": "GHSA-vw7j-6j6f-vm86",
"modified": "2022-10-25T19:00:35Z",
"published": "2022-10-24T19:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3676"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-openj9/openj9/pull/16122"
},
{
"type": "WEB",
"url": "https://github.com/eclipse/omr/pull/6773"
},
{
"type": "WEB",
"url": "https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/389"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.