The vulnerability as documented in ISO/IEC TR 24772-1:2019 clause 6.50 exists for C++. In particular the issue of the failing dynamic initialization of namespace-scope objects exists in C++.
When dynamic initialization of a namespace-scope object fails with an exception, the exception cannot be caught and the program is terminated. Function-scope static objects, in contrast, are initialized the first time execution passes through the declaration. Using function-scope static objects in preference to dynamic initialization ensures that there is always an enclosing function that could catch the exception.
exception_prone_type troubling_object;
// An exception from the constructor could cause termination.
// The following function always returns a reference to the same object,
// which is initialized the first time this function is called.
// If initialization fails, it will be retried on the next call.
exception_prone_type& safer_object()
{
static exception_prone_type the_safer_object;
return the_safer_object;
}To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Expect functions not marked noexcept to throw exceptions of arbitrary type, excluding all destructors, which are are implicitly noexcept.
Follow the avoidance mechanisms of clause 6.36.2 for catching and handling exceptions.
Prefer function-scope static objects to namespace-scope objects for objects needing dynamic initialization.