CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-5883-CQ6H-C598
Vulnerability from github – Published: 2022-05-24 17:28 – Updated: 2022-05-24 17:28Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-15965"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-21T20:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"id": "GHSA-5883-cq6h-c598",
"modified": "2022-05-24T17:28:57Z",
"published": "2022-05-24T17:28:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15965"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1126249"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FN7HZIGAOCZKBT4LV363BCPRA5FLY25I"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNIYFJST4TFJYFZ27VODBOINCLBGULTD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWNBJFBPKYCYSZTS54FHNCRZG6KC2AIJ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202009-13"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4824"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00087.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00095.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00096.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00049.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-596G-2P2M-3392
Vulnerability from github – Published: 2023-11-06 06:30 – Updated: 2023-11-13 21:30In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.
{
"affected": [],
"aliases": [
"CVE-2023-32834"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-06T04:15:07Z",
"severity": "MODERATE"
},
"details": "In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.",
"id": "GHSA-596g-2p2m-3392",
"modified": "2023-11-13T21:30:57Z",
"published": "2023-11-06T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32834"
},
{
"type": "WEB",
"url": "https://corp.mediatek.com/product-security-bulletin/November-2023"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-59J5-R3PJ-3Q9P
Vulnerability from github – Published: 2024-05-07 21:31 – Updated: 2024-07-03 18:39In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-0042"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T21:15:08Z",
"severity": "MODERATE"
},
"details": "In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-59j5-r3pj-3q9p",
"modified": "2024-07-03T18:39:46Z",
"published": "2024-05-07T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0042"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2024-04-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-59WC-XC28-QHHH
Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-6215"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-05T16:29:00Z",
"severity": "HIGH"
},
"details": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-59wc-xc28-qhhh",
"modified": "2022-05-13T01:22:38Z",
"published": "2022-05-13T01:22:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6215"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-12"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209443"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209447"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209449"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209450"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT209451"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3889-1"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/46448"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106691"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5C4V-W575-7M4R
Vulnerability from github – Published: 2022-05-13 01:05 – Updated: 2022-05-13 01:05Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."
{
"affected": [],
"aliases": [
"CVE-2016-6992"
],
"database_specific": {
"cwe_ids": [
"CWE-704",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-10-13T20:00:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"",
"id": "GHSA-5c4v-w575-7m4r",
"modified": "2022-05-13T01:05:53Z",
"published": "2022-05-13T01:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6992"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-32.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201610-10"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2057.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93488"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036985"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CCQ-3H49-VJP2
Vulnerability from github – Published: 2023-05-31 00:31 – Updated: 2023-11-25 12:30Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2023-2935"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-30T22:15:10Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-5ccq-3h49-vjp2",
"modified": "2023-11-25T12:30:22Z",
"published": "2023-05-31T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2935"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1440695"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-34"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5418"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5CMW-FHQ9-8FHH
Vulnerability from github – Published: 2022-04-01 00:00 – Updated: 2022-04-12 18:10Live Helper Chat provides live support for your website. Loose comparison causes IDOR on multiple endpoints in LiveHelperChat prior to 3.96. There is a fix released in versions 3.96 and 3.97. Currently, there is no known workaround.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "remdex/livehelperchat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.96"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1176"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-01T19:41:31Z",
"nvd_published_at": "2022-03-31T10:15:00Z",
"severity": "HIGH"
},
"details": "Live Helper Chat provides live support for your website. Loose comparison causes IDOR on multiple endpoints in LiveHelperChat prior to 3.96. There is a fix released in versions 3.96 and 3.97. Currently, there is no known workaround.",
"id": "GHSA-5cmw-fhq9-8fhh",
"modified": "2022-04-12T18:10:00Z",
"published": "2022-04-01T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1176"
},
{
"type": "WEB",
"url": "https://github.com/livehelperchat/livehelperchat/commit/72c0df160bfe9838c618652facef29af99392ce3"
},
{
"type": "PACKAGE",
"url": "https://github.com/livehelperchat/livehelperchat"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/3e30171b-c9bf-415c-82f1-6f55a44d09d3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Type Confusion in LiveHelperChat"
}
GHSA-5CXQ-3W6R-VJ7G
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-30310"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T17:15:59Z",
"severity": "HIGH"
},
"details": "Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-5cxq-3w6r-vj7g",
"modified": "2025-05-13T18:30:55Z",
"published": "2025-05-13T18:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30310"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb25-35.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5F38-9JW2-6R6H
Vulnerability from github – Published: 2021-10-12 16:22 – Updated: 2022-05-04 03:42Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "teddy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23447"
],
"database_specific": {
"cwe_ids": [
"CWE-79",
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-08T21:52:26Z",
"nvd_published_at": "2021-10-07T17:15:00Z",
"severity": "MODERATE"
},
"details": "Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).",
"id": "GHSA-5f38-9jw2-6r6h",
"modified": "2022-05-04T03:42:48Z",
"published": "2021-10-12T16:22:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23447"
},
{
"type": "WEB",
"url": "https://github.com/rooseveltframework/teddy/pull/518"
},
{
"type": "WEB",
"url": "https://github.com/rooseveltframework/teddy/commit/64c556717b4879bf8d4c30067cf6e70d899a3dc0"
},
{
"type": "PACKAGE",
"url": "https://github.com/rooseveltframework/teddy"
},
{
"type": "WEB",
"url": "https://github.com/rooseveltframework/teddy/releases/tag/0.5.9"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-TEDDY-1579557"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-site Scripting in teddy"
}
GHSA-5F7P-5PW7-8J36
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.
{
"affected": [],
"aliases": [
"CVE-2020-22882"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-13T15:15:00Z",
"severity": "HIGH"
},
"details": "Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.",
"id": "GHSA-5f7p-5pw7-8j36",
"modified": "2022-05-24T19:07:35Z",
"published": "2022-05-24T19:07:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-22882"
},
{
"type": "WEB",
"url": "https://github.com/Moddable-OpenSource/moddable/issues/351"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.