Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-704 (不正确的类型转换) — Vulnerability Class 53

53 vulnerabilities classified as CWE-704 (不正确的类型转换). AI Chinese analysis included.

CWE-704 represents a critical software weakness where an application fails to properly convert or cast data between different types, leading to unpredictable behavior or security vulnerabilities. This flaw is typically exploited by attackers who manipulate input data to trigger unintended type conversions, potentially causing buffer overflows, logic errors, or privilege escalation. For instance, forcing a string to be interpreted as an integer might bypass validation checks or corrupt memory structures. To mitigate this risk, developers must implement rigorous input validation and explicitly define type boundaries during conversion processes. Utilizing strongly typed languages and avoiding implicit casts can significantly reduce exposure. Additionally, employing static analysis tools to detect unsafe type operations and conducting thorough code reviews ensures that all conversions are handled safely, preserving data integrity and preventing exploitation of these logical flaws.

MITRE CWE Description
The product does not correctly convert an object, resource, or structure from one type to a different type.
Common Consequences (1)
OtherOther
Examples (2)
In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.
unsigned int readdata () { int amount = 0; ... amount = accessmainframe(); ... return amount; }
Bad · C
The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.
#define NAME_TYPE 1 #define ID_TYPE 2 struct MessageBuffer { int msgType; union { char *name; int nameID; }; }; int main (int argc, char **argv) { struct MessageBuffer buf; char *defaultMessage = "Hello World"; buf.msgType = NAME_TYPE; buf.name = defaultMessage; printf("Pointer of buf.name is %p\n", buf.name); /* This particular value for nameID is used to make the code architecture-independent. If coming from untrusted input, it could be any value. */ buf.nameID = (int)(defaultMessage + 1); printf("Pointer of buf.name is now %p\n", buf.name); if (buf.msgType == NAME_TYPE) { printf("Message: %
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-42576 apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery — apko 6.5 Medium2026-05-09
CVE-2026-40613 Coturn: Misaligned Memory Access in coturn STUN Attribute Parser (Remote DoS on ARM64) — coturn 7.5 High2026-04-21
CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression) — openexr 7.1 High2026-04-06
CVE-2021-4456 Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact — Net::CIDR 9.8 -2026-02-27
CVE-2025-40541 SolarWinds Serv-U Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability — Serv-U 9.1 Critical2026-02-24
CVE-2025-40540 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability — Serv-U 9.1 Critical2026-02-24
CVE-2025-40539 SolarWinds Serv-U Type Confusion Remote Code Execution Vulnerability — Serv-U 9.1 Critical2026-02-24
CVE-2026-25613 An unsafe cast in the MongoDB query planner can result in a segmentation fault. — MongoDB Server 6.5 Medium2026-02-10
CVE-2026-25503 iccDEV Has Type Confusion in CIccTagEmbeddedHeightImage::Validate() — iccDEV 7.1 High2026-02-03
CVE-2026-22041 loggingredactor converts non-string types to string types in logs — loggingredactor 9.1 -2026-01-08
CVE-2025-13720 Google Chrome 安全漏洞 — Chrome 8.8AIHighAI2025-12-02
CVE-2025-62494 Type confusion in string addition in QuickJS — QuickJS 9.8AICriticalAI2025-10-16
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding — frontier 7.5AIHighAI2025-07-28
CVE-2025-41648 Pilz: Authentication Bypass in IndustrialPI Webstatus — IndustrialPI 4 with IndustrialPI webstatus 9.8 Critical2025-07-01
CVE-2025-41646 RevPi Webstatus application is vulnerable to an authentication bypass — Revolution Pi webstatus 9.8 Critical2025-06-06
CVE-2024-43058 Incorrect Type Conversion or Cast in Multimedia Frameworks — Snapdragon 7.8 High2025-04-07
CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling 4.3 Medium2025-03-15
CVE-2025-20072 Mobile crash via improper validation of proto style in attachments — Mattermost 6.5 Medium2025-01-16
CVE-2025-21088 WebApp crash via improper validation of proto style in attachments — Mattermost 6.5 Medium2025-01-15
CVE-2024-47181 Unaligned memory access in RPL option processing in Contiki-NG — contiki-ng 7.5 High2024-11-27
CVE-2024-39590 OpenPLC 代码问题漏洞 — OpenPLC_v3 7.5 High2024-09-18
CVE-2024-39589 OpenPLC 代码问题漏洞 — OpenPLC_v3 7.5 High2024-09-18
CVE-2024-35303 Siemens Tecnomatix Plant Simulation 代码问题漏洞 — Tecnomatix Plant Simulation V2302 7.8 High2024-06-11
CVE-2024-21478 NULL Pointer Dereference in Graphics — Snapdragon 6.2 Medium2024-06-03
CVE-2024-5436 Type Confusion in Snapchat Lenscore — Snapchat Lenscore 8.8 -2024-05-31
CVE-2024-28130 OFFIS DCMTK 代码问题漏洞 — DCMTK 7.5 High2024-04-23
CVE-2023-33101 Incorrect Type Conversion or Cast in Multi-Mode Call Processor — Snapdragon 7.5 High2024-04-01
CVE-2023-6249 ipm: signed to unsigned conversion problem in esp32_ipm_send — Zephyr 8.0 High2024-02-18
CVE-2023-45204 Siemens Tecnomatix Plant Simulation 代码问题漏洞 — Tecnomatix Plant Simulation V2201 7.8 High2023-10-10
CVE-2023-21651 Incorrect Type Conversion or Cast in Core — Snapdragon 9.3 Critical2023-08-08

Vulnerabilities classified as CWE-704 (不正确的类型转换) represent 53 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.