What's the security risk of unicode nulls?

The commonmark spec says:

For security reasons, the Unicode character U+0000 must be replaced with the REPLACEMENT CHARACTER ( U+FFFD ).

Is it just that nulls are string terminators in C, or is there something that makes it dangerous even outside of C?

1 Like