Unrated severityNVD Advisory· Published Aug 13, 2012· Updated Apr 29, 2026
CVE-2012-2330
CVE-2012-2330
Description
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
Affected products
9cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*range: <=0.6.16
- cpe:2.3:a:nodejs:nodejs:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:nodejs:0.7.7:*:*:*:*:*:*:*
Patches
27b3fb22https://github.com/joyent/nodevia nvd-ref
c9a231dhttps://github.com/joyent/nodevia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/joyent/node/commit/7b3fb22nvdExploitPatch
- github.com/joyent/node/commit/c9a231dnvdExploitPatch
- secunia.com/advisories/49066nvdVendor Advisory
- blog.nodejs.org/2012/05/04/version-0-6-17-stable/nvd
- www.openwall.com/lists/oss-security/2012/05/08/4nvd
- www.openwall.com/lists/oss-security/2012/05/08/8nvd
- support.f5.com/csp/article/K99038439nvd
News mentions
0No linked articles in our index yet.