> You can write memory safe code in C (Redis, SQLite, OpenBSD, Git, etc),

Do you think that this is a list of software that has never had memory bugs? It really is not practically possible to completely avoid a large class of memory bugs in C in just about any kind of very large commercial or open source codebase.

Redis

CVE-2025-49844 ("RediShell"): use-after-free in bundled Lua parser
https://github.com/redis/redis/security/advisories/GHSA-4789...

CVE-2022-24834: heap overflow in Lua cjson/cmsgpack
https://github.com/redis/redis/security/advisories/GHSA-p8x2...

CVE-2021-32761: OOB read / integer overflow in BIT commands
https://security-tracker.debian.org/tracker/CVE-2021-32761

CVE-2023-41056: heap overflow on buffer resizing
https://github.com/redis/redis/releases/tag/7.0.15

CVE-2021-32765: integer overflow to heap overflow in hiredis
https://github.com/redis/redis/security/advisories/GHSA-833w...

SQLite

CVE-2020-11656: use-after-free in ALTER TABLE
https://bugzilla.redhat.com/show_bug.cgi?id=1824185

CVE-2022-35737: array-bounds overflow in printf engine
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability...

CVE-2023-7104: heap overflow in session extension
https://sqlite.org/forum/forumpost/5bcbf4571c

CVE-2020-9327: NULL pointer dereference in isAuxiliaryVtabOperator
https://nvd.nist.gov/vuln/detail/CVE-2020-9327

CVE-2019-9936: heap over-read in FTS5
https://nvd.nist.gov/vuln/detail/CVE-2019-9936

OpenBSD

CVE-2023-25136: pre-auth double-free in OpenSSH sshd
https://seclists.org/oss-sec/2023/q1/92

CVE-2022-27882: heap overflow in slaacd
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-...

errata 70/003: kernel memory leak closing unix sockets
https://www.openbsd.org/errata70.html

errata 74/018: buffer over-read in sndiod
https://www.openbsd.org/errata74.html

errata 78/013: use-after-free in httpd chunked encoding
https://www.openbsd.org/errata78.html

Git

CVE-2022-41903: OOB write in pretty.c format_and_pad_commit()
https://github.com/git/git/security/advisories/GHSA-475x-2q3...

CVE-2022-23521: OOB write/read in .gitattributes parsing
https://nvd.nist.gov/vuln/detail/cve-2022-23521

CVE-2022-39260: heap overflow in git shell split_cmdline()
https://github.com/git/git/security/advisories/GHSA-rjr6-wcq...

CVE-2016-2315: heap overflow in path_name()
https://bugs.launchpad.net/bugs/cve/2016-2315

CVE-2016-2324: integer overflow to heap overflow (nested trees)
https://nvd.nist.gov/vuln/detail/CVE-2016-2324