Heartbleed was duplicated in Rust.

Very often breaches can be found to be in cloud permission configurations.

There are many business-rules-level vulnerabilities.

The following post will give some insight: https://www.nccgroup.com/us/about-us/newsroom-and-events/blo...

> Heartbleed was duplicated in Rust.

There's a big difference between intentionally duplicating a known flaw in a safe language an unintentionally producing a new exploitable flaw in a safe language.

The point is not whether or not it is intentional, but to illustrate that many vulnerabilities exist that don't depend on memory unsafety.

Yes. https://github.com/frohoff/ysoserial https://github.com/pwntester/ysoserial.net

As the many responses indicate, you've set the bar way too high here. A more narrow question could be something like:

"Did someone ever find an exploitable bug of the type it was intended to be safe from?" In other words, are there examples of the safety guarantees themselves being exploited?

The answer to this is "of course there have." An entire class of such exploits can be derived from CVE-2009-3869. Java 6 and older did not randomize address space, so any ability to write arbitrary memory was easy to exploit. There are other examples.

Sure, SQL injection is a good example. Forgetting to check permissions is another.

You need to give your intuitions a good hard shake. Most of the software written over the last decade and a half has been written in memory-safe languages. Almost every bug bounty program is run for software written primarily in memory-safe languages. Is it your impression that game-over bugs in those things are rare?

Have you ever heard of PHP ?