CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
nodejsnodejs
𝑥
≤ 0.6.16
nodejsnodejs
0.7.0
nodejsnodejs
0.7.1
nodejsnodejs
0.7.2
nodejsnodejs
0.7.3
nodejsnodejs
0.7.4
nodejsnodejs
0.7.5
nodejsnodejs
0.7.6
nodejsnodejs
0.7.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nodejs
bullseye
12.22.12~dfsg-1~deb11u4
fixed
bullseye (security)
12.22.12~dfsg-1~deb11u5
fixed
bookworm
18.19.0+dfsg-6~deb12u2
fixed
bookworm (security)
18.19.0+dfsg-6~deb12u1
fixed
sid
20.17.0+dfsg-2
fixed
trixie
20.17.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nodejs
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
ignored
oneiric
ignored
natty
ignored
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/
http://secunia.com/advisories/49066
http://www.openwall.com/lists/oss-security/2012/05/08/4
http://www.openwall.com/lists/oss-security/2012/05/08/8
https://github.com/joyent/node/commit/7b3fb22
https://github.com/joyent/node/commit/c9a231d
https://support.f5.com/csp/article/K99038439?utm_source=f5support&amp%3Butm_medium=RSS
http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/
http://secunia.com/advisories/49066
http://www.openwall.com/lists/oss-security/2012/05/08/4
http://www.openwall.com/lists/oss-security/2012/05/08/8
https://github.com/joyent/node/commit/7b3fb22
https://github.com/joyent/node/commit/c9a231d
https://support.f5.com/csp/article/K99038439?utm_source=f5support&amp%3Butm_medium=RSS