lighttpd is an open source web server. buffer overflow vulnerability exists in versions 1.4.46 to 1.4.63 of lighttpd, which stems from the failure of the mod_extforward_Forwarded function in the product’s mod_extforward plugin to effectively handle memory boundaries. An attacker could exploit this vulnerability to cause a buffer overflow.