Description
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system.