There exists use-after-free vulnerabilities in lighttpd <= 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests.
[
{
"vendor": "lighttpd",
"product": "lighttpd",
"versions": [
{
"status": "affected",
"version": "*",
"lessThanOrEqual": "1.4.50",
"versionType": "custom"
}
]
}
]