[peoplefromibiza]

> 1.9.5p2, CVE-2021-3156

> 1.8.26, CVE-2019-18634

> 1.8.0-to-1.9.12, CVE-2022-43995

interestingly these would not be a problem in a language like Pascal that is not memory safe, but has runtime bounds checks enabled by default or C++ that has flags to enable it

So we are left with one over at least a 100

another interesting thing IMO is that the bugs have been sitting there for a long time, so they are probably not obvious and nobody can be sure there aren't similar sleeping bugs in today's software written in safer languages.

This is not against memory-safe languages, mind you, I prefer Rust over C or C++ any day, I simply found that the original claim seemed too bold compared to the actual data and failed IMO to prove that sudo is ridden by easily exploitable memory bugs.