CWE-843 Detail

CWE-843

Name

Access of Resource Using Incompatible Type ('Type Confusion')

Status

Incomplete

Published

2011-06-01
00h00 +00:00

Modified

2023-10-26
00h00 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

CWE Description

When the product accesses the resource using an incompatible type, this could trigger logical errors because the resource does not have expected properties. In languages without memory safety, such as C and C++, type confusion can lead to out-of-bounds memory access.

While this weakness is frequently associated with unions when parsing data with many different embedded object types in C, it can be present in any application that can interpret the same variable or memory location in multiple ways.

This weakness is not unique to C and C++. For example, errors in PHP applications can be triggered by providing array parameters when scalars are expected, or vice versa. Languages such as Perl, which perform automatic conversion of a variable of one type when it is accessed as if it were another type, can also contain these issues.

General Informations

Modes Of Introduction

Implementation

Applicable Platforms

Language

Name: C (Undetermined)
Name: C++ (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Availability Integrity Confidentiality	Read Memory, Modify Memory, Execute Unauthorized Code or Commands, DoS: Crash, Exit, or Restart Note: When a memory buffer is accessed using the wrong type, it could read or write memory out of the bounds of the buffer, if the allocated buffer is smaller than the type that the code is attempting to access, leading to a crash and possibly code execution.

Observed Examples

References	Description
CVE-2010-4577	Type confusion in CSS sequence leads to out-of-bounds read.
CVE-2011-0611	Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild.
CVE-2010-0258	Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.

Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

NotesNotes

This weakness is possible in any type-unsafe programming language.

Type confusion weaknesses have received some attention by applied researchers and major software vendors for C and C++ code. Some publicly-reported vulnerabilities probably have type confusion as a root-cause weakness, but these may be described as "memory corruption" instead.

For other languages, there are very few public reports of type confusion weaknesses. These are probably under-studied. Since many programs rely directly or indirectly on loose typing, a potential "type confusion" behavior might be intentional, possibly requiring more manual analysis.

References

REF-811

Attacking Interoperability
Mark Dowd, Ryan Smith, David Dewey.
http://hustlelabs.com/stuff/bh2009_dowd_smith_dewey.pdf

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Submission

Name	Organization	Date	Date release	Version
CWE Content Team	MITRE	2011-05-15 +00:00	2011-06-01 +00:00	1.13

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2012-05-11 +00:00	updated References
CWE Content Team	MITRE	2017-11-08 +00:00	updated Applicable_Platforms, Taxonomy_Mappings
CWE Content Team	MITRE	2019-01-03 +00:00	updated Relationships
CWE Content Team	MITRE	2019-06-20 +00:00	updated Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated Common_Consequences, Relationships
CWE Content Team	MITRE	2022-04-28 +00:00	updated Research_Gaps
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated References, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2023-10-26 +00:00	updated Demonstrative_Examples