
The SSL bug in this case happened because the programmers had a wrong assumption about the network input (namely that it doesn't contain the zero byte value).

This type of wrong assumption can be made in any language. And this bug doesn't make buffer overflows or any other exploitable activities possible, so they are not dangerous in a way that 'usual' C code can be dangerous.

Still, it is a serious threat considering the widespread usage of that particular library.
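
An added example, not part of the comment above and not the library's code: it shows the assumption described there, a length-delimited field from the network handled as a C string, next to a length-aware check. The function names, the idea that the field is a name being compared against an expected value, and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a length-delimited name field containing a zero byte,
 * as it might look after being parsed out of a network message. */
static const unsigned char SAMPLE_NAME[] = "good.example\0.bad.example";
#define SAMPLE_LEN (sizeof(SAMPLE_NAME) - 1)

/* Flawed (hypothetical): treats the field as a C string, so the comparison
 * stops at the first zero byte and the rest of the field is ignored. */
int name_matches_cstring(const unsigned char *field, size_t len,
                         const char *expected)
{
    (void)len; /* the declared length is never consulted */
    return strcmp((const char *)field, expected) == 0;
}

/* Length-aware (hypothetical): reject any field that contains a zero byte,
 * then require the declared length and every byte to match. */
int name_matches_checked(const unsigned char *field, size_t len,
                         const char *expected)
{
    size_t elen = strlen(expected);

    if (memchr(field, 0, len) != NULL)
        return 0;
    return len == elen && memcmp(field, expected, len) == 0;
}

int main(void)
{
    printf("cstring compare accepts sample: %d\n",
           name_matches_cstring(SAMPLE_NAME, SAMPLE_LEN, "good.example"));
    printf("checked compare accepts sample: %d\n",
           name_matches_checked(SAMPLE_NAME, SAMPLE_LEN, "good.example"));
    return 0;
}
```

The same mismatch can be reproduced in any language that converts a length-delimited byte field to a terminator-delimited string before comparing it.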


