CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
Also known as: Object Type Confusion
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Last updated
Overview
When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access. While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways. This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues.
Real-world CVEs
505 recorded CVEs are caused by CWE-843 (Access of Resource Using Incompatible Type ('Type Confusion')), including 38 in CISA's KEV (Known Exploited Vulnerabilities) catalog. KEVs are shown first. 90 new CWE-843 CVEs have been recorded so far in 2026 (95 in 2025).
- CVE-2017-0037CISA KEVCritical · CVSS 10.0 · EPSS 100th2017-02-26
- CVE-2024-4947CISA KEVCritical · CVSS 9.4 · EPSS 96th2024-05-15
- CVE-2024-23222CISA KEVCritical · CVSS 9.4 · EPSS 95th2024-01-23
- CVE-2023-3079CISA KEVCritical · CVSS 9.4 · EPSS 98th2023-06-05
- CVE-2022-42856CISA KEVCritical · CVSS 9.4 · EPSS 94th2022-12-15
- CVE-2020-6418CISA KEVCritical · CVSS 9.4 · EPSS 100th2020-02-27
- CVE-2019-11707CISA KEVCritical · CVSS 9.4 · EPSS 98th2019-07-23
- CVE-2018-8298CISA KEVCritical · CVSS 9.4 · EPSS 99th2018-07-11
- CVE-2012-0507CISA KEVCritical · CVSS 9.4 · EPSS 100th2012-06-07
- CVE-2021-30869CISA KEVCritical · CVSS 9.3 · EPSS 90th2021-08-24
- CVE-2017-8291CISA KEVCritical · CVSS 9.3 · EPSS 100th2017-04-27
- CVE-2019-0752CISA KEVCritical · CVSS 9.0 · EPSS 100th2019-04-09
Showing 12 of 505 recorded CWE-843 CVEs. Track new ones as they are published and get AI-written analysis and fixes.
Monitor CWE-843 vulnerabilitiesCommon consequences
What can happen when CWE-843 is exploited.
Read Memory, Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart
Affects: Availability, Integrity, Confidentiality
When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to detect it
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.
Vulnerable example
#define NAME_TYPE 1The following PHP code accepts a value, adds 5, and prints the sum.
Vulnerable example
$value = $_GET['value'];The following Perl code is intended to look up the privileges for user ID's between 0 and 3, by performing an access of the $UserPrivilegeArray reference. It is expected that only userID 3 is an admin (since this is listed in the third element of the array).
Vulnerable example
my $UserPrivilegeArray = ["user", "user", "admin", "user"];Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2011-0611CISA KEV— Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.
- CVE-2025-32352 — Type confusion in PHP app allows authentication bypass when users have passwords whose MD5 hashes can be interpreted as numbers
- CVE-2010-4577 — Type confusion in CSS sequence leads to out-of-bounds read.
- CVE-2010-0258 — Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.
Terminology & mappings
Alternate terms
- Object Type Confusion
Mapped taxonomies
- CERT C Secure Coding: Do not access a variable through a pointer of an incompatible type (EXP39-C) — Exact fit
Frequently asked questions
Common questions about CWE-843.
- What is CWE-843?
- The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
- What CVEs are caused by CWE-843?
- 505 recorded CVEs are attributed to CWE-843, including CVE-2017-0037, CVE-2024-4947, CVE-2024-23222. 38 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How is CWE-843 detected?
- Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
- What are the consequences of CWE-843?
- Exploiting CWE-843 can lead to: Read Memory, Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart.
- Is CWE-843 actively exploited?
- Yes. 38 CWE-843 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 505 recorded CVEs.
References
- MITRE CWE definition (CWE-843) (opens in a new tab)
- CWE-843 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-843
Get alerted the moment a new CWE-843 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.