The vulnerability as described in ISO/IEC 24772-1:2019 clause 6.56 applies to C++. In ISO/IEC 14882:2017, the terms “undefined behaviour” and “ill-formed, no diagnostic required” expose situations to be avoided.
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Follow the avoidance mechanisms of ISO/IEC 24772-1 clause 6.56.5.
Use static analysis tools to help identify occurrences of undefined behaviour.
Augment static analysis tool usage with runtime tools such as ASAN (address sanitizer) and related tools.
Use multiple compilers/tools and different optimization levels to increase the chance of identifying constructs that have undefined behaviours.
Where the C++ language provides both defined-behaviour and undefined-behaviour mechanisms, mandate the use of the mechanisms with defined behaviour.
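As an added illustration of the last two points (not part of the ISO/IEC 24772-4 text), the following hypothetical C++ code places two undefined-behaviour constructs next to their defined-behaviour counterparts; the function names are invented for this example. Building it with -fsanitize=undefined,address, as the list recommends, makes the runtime flag the unchecked variants when they are driven past their limits.

```cpp
#include <cstddef>
#include <limits>
#include <optional>
#include <stdexcept>
#include <vector>

// Signed integer overflow is undefined behaviour in C++. An optimising
// compiler may assume it never happens, so a post-hoc "did it wrap?" test
// on the result is not a reliable check. Shown only for contrast.
int add_unchecked(int a, int b) {
    return a + b;  // undefined when the mathematical sum does not fit in int
}

// Defined-behaviour alternative: test the operands before computing, and
// report failure through the return type instead of relying on the result.
std::optional<int> add_checked(int a, int b) {
    const int hi = std::numeric_limits<int>::max();
    const int lo = std::numeric_limits<int>::min();
    if ((b > 0 && a > hi - b) || (b < 0 && a < lo - b)) {
        return std::nullopt;  // would overflow
    }
    return a + b;
}

// std::vector::operator[] performs no bounds check: an out-of-range index is
// undefined behaviour and typically reads past the buffer silently.
int element_unchecked(const std::vector<int>& v, std::size_t i) {
    return v[i];
}

// std::vector::at() is the defined-behaviour mechanism for the same access:
// an out-of-range index throws std::out_of_range, which we map to "no value".
std::optional<int> element_checked(const std::vector<int>& v, std::size_t i) {
    try {
        return v.at(i);
    } catch (const std::out_of_range&) {
        return std::nullopt;
    }
}
```

The unchecked variants are kept only to show what the defined-behaviour forms replace; a code standard following this clause would mandate add_checked-style arithmetic and at() over operator[] wherever the index is not already proven in range.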