One premise of a RAND study into zero-day vulnerabilities, is that they are useful in cyber operations - whether by criminals, militaries or governments.
Researchers out to demonstrate inherent weaknesses in the SHA-1 internet security standard announced they had broken the legacy cryptographic algorithm using a so-called collision attack.
One errant character in a coding string caused a buffer overrun which, in turn, led to a memory leak that dumped personal data in plaintext from a variety of Cloudflare's customers' sites.