CVE-2012-2330

🗓️ 13 Aug 2012 23:00:00Reported by redhatType

CVE-2012-2330 The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string

Reporter	Title	Published	Views	Family All 10
Cvelist	CVE-2012-2330	13 Aug 201223:00	–	cvelist
Debian CVE	CVE-2012-2330	13 Aug 201223:00	–	debiancve
EUVD	EUVD-2012-2323	7 Oct 202500:30	–	euvd
F5 Networks	K99038439: NodeJS vulnerability CVE-2012-2330	21 Feb 202319:58	–	f5
NVD	CVE-2012-2330	13 Aug 201223:55	–	nvd
OpenVAS	FreeBSD Ports: node, node-devel	31 May 201200:00	–	openvas
OSV	DEBIAN-CVE-2012-2330	13 Aug 201223:55	–	osv
Prion	Design/Logic Flaw	13 Aug 201223:55	–	prion
Positive Technologies	PT-2012-3956 · Node.Js · Node.Js	13 Aug 201200:00	–	ptsecurity
UbuntuCve	CVE-2012-2330	13 Aug 201223:55	–	ubuntucve

NVD

Node

nodejs nodejsRange≤0.6.16

nodejs nodejsMatch0.7.0

nodejs nodejsMatch0.7.1

nodejs nodejsMatch0.7.2

nodejs nodejsMatch0.7.3

nodejs nodejsMatch0.7.4

nodejs nodejsMatch0.7.5

nodejs nodejsMatch0.7.6

nodejs nodejsMatch0.7.7

Source	Link
support	www.support.f5.com/csp/article/K99038439
blog	www.blog.nodejs.org/2012/05/04/version-0-6-17-stable/
openwall	www.openwall.com/lists/oss-security/2012/05/08/8
secunia	www.secunia.com/advisories/49066
github	www.github.com/joyent/node/commit/c9a231d
openwall	www.openwall.com/lists/oss-security/2012/05/08/4
github	www.github.com/joyent/node/commit/7b3fb22

29 Apr 2026 01:13Current

6.2Medium risk

Vulners AI Score6.2

CVSS 26.4

EPSS0.0062

CWE-20