CVE-2016-5325

Source
https://cve.org/CVERecord?id=CVE-2016-5325
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5325.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-5325
Downstream
Related
Published
2016-10-10T16:59:00.200Z
Modified
2026-07-08T05:48:27.260850862Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "suse:linux_enterprise",
            "extracted_events": [
                {
                    "introduced": "12.0"
                },
                {
                    "last_affected": "12.0"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.4.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:4.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.42:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.43:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.44:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.45:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.10.46:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.10:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.11:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.12:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.13:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.14:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:0.12.15:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.0.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.1.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.2.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.2.2:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.3.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.3.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.4.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.5.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:nodejs:node.js:6.6.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.0.0"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "last_affected": "4.1.0"
        },
        {
            "introduced": "4.1.1"
        },
        {
            "last_affected": "4.1.1"
        },
        {
            "introduced": "4.1.2"
        },
        {
            "last_affected": "4.1.2"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.0"
        },
        {
            "introduced": "4.2.1"
        },
        {
            "last_affected": "4.2.1"
        },
        {
            "introduced": "4.2.2"
        },
        {
            "last_affected": "4.2.2"
        },
        {
            "introduced": "4.2.3"
        },
        {
            "last_affected": "4.2.3"
        },
        {
            "introduced": "4.2.4"
        },
        {
            "last_affected": "4.2.4"
        },
        {
            "introduced": "4.2.5"
        },
        {
            "last_affected": "4.2.5"
        },
        {
            "introduced": "4.2.6"
        },
        {
            "last_affected": "4.2.6"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "last_affected": "4.3.0"
        },
        {
            "introduced": "4.3.1"
        },
        {
            "last_affected": "4.3.1"
        },
        {
            "introduced": "4.3.2"
        },
        {
            "last_affected": "4.3.2"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "last_affected": "4.4.0"
        },
        {
            "introduced": "4.4.1"
        },
        {
            "last_affected": "4.4.1"
        },
        {
            "introduced": "4.4.2"
        },
        {
            "last_affected": "4.4.2"
        },
        {
            "introduced": "4.4.3"
        },
        {
            "last_affected": "4.4.3"
        },
        {
            "introduced": "4.4.4"
        },
        {
            "last_affected": "4.4.4"
        },
        {
            "introduced": "4.4.5"
        },
        {
            "last_affected": "4.4.5"
        },
        {
            "introduced": "4.4.6"
        },
        {
            "last_affected": "4.4.6"
        },
        {
            "introduced": "4.4.7"
        },
        {
            "last_affected": "4.4.7"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "last_affected": "4.5.0"
        },
        {
            "introduced": "0.10.0"
        },
        {
            "last_affected": "0.10.0"
        },
        {
            "introduced": "0.10.1"
        },
        {
            "last_affected": "0.10.1"
        },
        {
            "introduced": "0.10.2"
        },
        {
            "last_affected": "0.10.2"
        },
        {
            "introduced": "0.10.3"
        },
        {
            "last_affected": "0.10.3"
        },
        {
            "introduced": "0.10.4"
        },
        {
            "last_affected": "0.10.4"
        },
        {
            "introduced": "0.10.5"
        },
        {
            "last_affected": "0.10.5"
        },
        {
            "introduced": "0.10.6"
        },
        {
            "last_affected": "0.10.6"
        },
        {
            "introduced": "0.10.7"
        },
        {
            "last_affected": "0.10.7"
        },
        {
            "introduced": "0.10.8"
        },
        {
            "last_affected": "0.10.8"
        },
        {
            "introduced": "0.10.9"
        },
        {
            "last_affected": "0.10.9"
        },
        {
            "introduced": "0.10.10"
        },
        {
            "last_affected": "0.10.10"
        },
        {
            "introduced": "0.10.11"
        },
        {
            "last_affected": "0.10.11"
        },
        {
            "introduced": "0.10.12"
        },
        {
            "last_affected": "0.10.12"
        },
        {
            "introduced": "0.10.13"
        },
        {
            "last_affected": "0.10.13"
        },
        {
            "introduced": "0.10.14"
        },
        {
            "last_affected": "0.10.14"
        },
        {
            "introduced": "0.10.15"
        },
        {
            "last_affected": "0.10.15"
        },
        {
            "introduced": "0.10.16"
        },
        {
            "last_affected": "0.10.16"
        },
        {
            "introduced": "0.10.16-isaacs-manual"
        },
        {
            "last_affected": "0.10.16-isaacs-manual"
        },
        {
            "introduced": "0.10.17"
        },
        {
            "last_affected": "0.10.17"
        },
        {
            "introduced": "0.10.18"
        },
        {
            "last_affected": "0.10.18"
        },
        {
            "introduced": "0.10.19"
        },
        {
            "last_affected": "0.10.19"
        },
        {
            "introduced": "0.10.20"
        },
        {
            "last_affected": "0.10.20"
        },
        {
            "introduced": "0.10.21"
        },
        {
            "last_affected": "0.10.21"
        },
        {
            "introduced": "0.10.22"
        },
        {
            "last_affected": "0.10.22"
        },
        {
            "introduced": "0.10.23"
        },
        {
            "last_affected": "0.10.23"
        },
        {
            "introduced": "0.10.24"
        },
        {
            "last_affected": "0.10.24"
        },
        {
            "introduced": "0.10.25"
        },
        {
            "last_affected": "0.10.25"
        },
        {
            "introduced": "0.10.26"
        },
        {
            "last_affected": "0.10.26"
        },
        {
            "introduced": "0.10.27"
        },
        {
            "last_affected": "0.10.27"
        },
        {
            "introduced": "0.10.28"
        },
        {
            "last_affected": "0.10.28"
        },
        {
            "introduced": "0.10.29"
        },
        {
            "last_affected": "0.10.29"
        },
        {
            "introduced": "0.10.30"
        },
        {
            "last_affected": "0.10.30"
        },
        {
            "introduced": "0.10.31"
        },
        {
            "last_affected": "0.10.31"
        },
        {
            "introduced": "0.10.32"
        },
        {
            "last_affected": "0.10.32"
        },
        {
            "introduced": "0.10.33"
        },
        {
            "last_affected": "0.10.33"
        },
        {
            "introduced": "0.10.34"
        },
        {
            "last_affected": "0.10.34"
        },
        {
            "introduced": "0.10.35"
        },
        {
            "last_affected": "0.10.35"
        },
        {
            "introduced": "0.10.36"
        },
        {
            "last_affected": "0.10.36"
        },
        {
            "introduced": "0.10.37"
        },
        {
            "last_affected": "0.10.37"
        },
        {
            "introduced": "0.10.38"
        },
        {
            "last_affected": "0.10.38"
        },
        {
            "introduced": "0.10.39"
        },
        {
            "last_affected": "0.10.39"
        },
        {
            "introduced": "0.10.40"
        },
        {
            "last_affected": "0.10.40"
        },
        {
            "introduced": "0.10.41"
        },
        {
            "last_affected": "0.10.41"
        },
        {
            "introduced": "0.10.42"
        },
        {
            "last_affected": "0.10.42"
        },
        {
            "introduced": "0.10.43"
        },
        {
            "last_affected": "0.10.43"
        },
        {
            "introduced": "0.10.44"
        },
        {
            "last_affected": "0.10.44"
        },
        {
            "introduced": "0.10.45"
        },
        {
            "last_affected": "0.10.45"
        },
        {
            "introduced": "0.10.46"
        },
        {
            "last_affected": "0.10.46"
        },
        {
            "introduced": "0.12.0"
        },
        {
            "last_affected": "0.12.0"
        },
        {
            "introduced": "0.12.1"
        },
        {
            "last_affected": "0.12.1"
        },
        {
            "introduced": "0.12.2"
        },
        {
            "last_affected": "0.12.2"
        },
        {
            "introduced": "0.12.3"
        },
        {
            "last_affected": "0.12.3"
        },
        {
            "introduced": "0.12.4"
        },
        {
            "last_affected": "0.12.4"
        },
        {
            "introduced": "0.12.5"
        },
        {
            "last_affected": "0.12.5"
        },
        {
            "introduced": "0.12.6"
        },
        {
            "last_affected": "0.12.6"
        },
        {
            "introduced": "0.12.7"
        },
        {
            "last_affected": "0.12.7"
        },
        {
            "introduced": "0.12.8"
        },
        {
            "last_affected": "0.12.8"
        },
        {
            "introduced": "0.12.9"
        },
        {
            "last_affected": "0.12.9"
        },
        {
            "introduced": "0.12.10"
        },
        {
            "last_affected": "0.12.10"
        },
        {
            "introduced": "0.12.11"
        },
        {
            "last_affected": "0.12.11"
        },
        {
            "introduced": "0.12.12"
        },
        {
            "last_affected": "0.12.12"
        },
        {
            "introduced": "0.12.13"
        },
        {
            "last_affected": "0.12.13"
        },
        {
            "introduced": "0.12.14"
        },
        {
            "last_affected": "0.12.14"
        },
        {
            "introduced": "0.12.15"
        },
        {
            "last_affected": "0.12.15"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.0"
        },
        {
            "introduced": "6.1.0"
        },
        {
            "last_affected": "6.1.0"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "last_affected": "6.2.0"
        },
        {
            "introduced": "6.2.1"
        },
        {
            "last_affected": "6.2.1"
        },
        {
            "introduced": "6.2.2"
        },
        {
            "last_affected": "6.2.2"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "last_affected": "6.3.0"
        },
        {
            "introduced": "6.3.1"
        },
        {
            "last_affected": "6.3.1"
        },
        {
            "introduced": "6.4.0"
        },
        {
            "last_affected": "6.4.0"
        },
        {
            "introduced": "6.5.0"
        },
        {
            "last_affected": "6.5.0"
        },
        {
            "introduced": "6.6.0"
        },
        {
            "last_affected": "6.6.0"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.10.0
0.10.1
0.10.10
0.10.11
0.10.12
0.10.13
0.10.14
0.10.15
0.10.16
0.10.17
0.10.18
0.10.19
0.10.2
0.10.20
0.10.21
0.10.22
0.10.23
0.10.24
0.10.25
0.10.26
0.10.27
0.10.28
0.10.29
0.10.3
0.10.30
0.10.31
0.10.32
0.10.33
0.10.34
0.10.35
0.10.36
0.10.37
0.10.38
0.10.39
0.10.4
0.10.40
0.10.41
0.10.42
0.10.43
0.10.44
0.10.45
0.10.46
0.10.5
0.10.6
0.10.7
0.10.8
0.10.9
0.12.0
0.12.1
0.12.10
0.12.11
0.12.12
0.12.13
0.12.14
0.12.15
0.12.2
0.12.3
0.12.4
0.12.5
0.12.6
0.12.7
0.12.8
0.12.9
4.*
4.0.0
4.1.0
4.1.1
4.1.2
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.5.0
6.*
6.0.0
6.1.0
6.2.0
6.2.1
6.2.2
6.3.0
6.3.1
6.4.0
6.5.0
6.6.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5325.json"