Lighttpd is a light weight web server
lighttpd is subject to an out-of-bounds read due to signedness error as described in CVE-2011-4362
The vulnerability was fixed by commit 6c9dff7cda6593d9a566413347dd5adfe80c86a8. A description of the fix is here
Full Report
The projects listed below potentially contain the vulnerability and have been touched in 2020.

    blob = 0c0c4a587490dd0b7842a637c02dec91c1fca9c4

  1. commit = 21e6a6f59b65b03b6aee1449d0f23567308483cf
    head_commit = 786d4f86d17468b2f007f6a4f2e06f90869bb1bc (2020-03-07:17:07:02)
    path = user/tw-prog.priv/lighttpd_mtk/lighttpd-1.4.24/src/http_auth.c
    project = github.com/LeonardKoenig/DIR882A1-GPL
    note: yes

  2. commit = bf52438c1d8949f948a6bbc5081fcd807bb98a6f
    head_commit = c4d7ef995df580296cfedb5169d4dbba6db7d067 (2020-05-29:09:57:50)
    path = user/lighttpd-1.4.25/src/http_auth.c
    project = github.com/nij4t/mlwg2-sdk
    note: yes

    blob = d2e39e95eb1f632a3cb24d2b412f79d2c77e924e

  3. commit = 2899495579ba9c111979472ad19576c9d1071d06
    head_commit = 786d4f86d17468b2f007f6a4f2e06f90869bb1bc (2020-03-07:17:07:02)
    path = user/lighttpd-1.4.20/src/http_auth.c
    path = user/tw-prog.priv/lighttpd_mtk/lighttpd-1.4.20/src/http_auth.c
    project = github.com/LeonardKoenig/DIR882A1-GPL
    note: yes

  4. commit = dac5286f42153dc2d27989dbea98274ecb045474
    head_commit = dac5286f42153dc2d27989dbea98274ecb045474 (2020-04-09:12:00:55)
    path = src/http_auth.c
    project = github.com/cyberknight01/lighttpd-1.4.20
    note: yes