···11+---
22+title: '"No way to prevent this" say users of only language where this regularly happens'
33+date: 2024-06-27
44+series: "no-way-to-prevent-this"
55+type: blog
66+hero:
77+ ai: "Photo by Andrea Piacquadio, source: Pexels"
88+ file: sad-business-man
99+ prompt: A forlorn business man resting his head on a brown wall next to a window.
1010+---
1111+1212+In the hours following the release of [CVE-2024-28820](https://www.tenable.com/cve/CVE-2024-28820) for the project [OpenVPN Auth-LDAP](https://github.com/threerings/openvpn-auth-ldap), site reliability workers
1313+and systems administrators scrambled to desperately rebuild and patch all their systems to fix a vulnerability where passing fourteen colons into the password field when the attacker knows a valid username, causing a buffer overflow. This is due to the affected components being
1414+written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes
1515+these things just happen and there's nothing anyone can do to stop them," said programmer King Edmond Wiegand, echoing statements
1616+expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have
1717+occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can
1818+we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to
1919+write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities
2020+regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless."