eli5: What is non validated input?

4 Answers

Anonymous 0 Comments

Validating input is important for making sure it matches what it should or even claims. Non-validated input means it failed the test or was never even tested, so it could do bad things to your system.

Heartbleed is a good example exploit of this. You could send a specific packet to a server with a string, tell it how many letters you sent, and it would send it back as a “heartbeat” (thus the exploit name). You could send “Hello{5}” and get back “Hello”.

But they didn’t validate the packet. You could also send “Hello{255}” and get back “Hello67&-()83)9))The secret code for the air shield is 12345….”, as the software would start reading from memory where it saved the word, then read out the suggested number of characters even if it wasn’t supposed to have access.

The solution? Validate your inputs!
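The length check this answer describes, as an added C example that is not part of the original answer or of any real TLS library. The one-byte length prefix, the function names and the neighbouring `code=12345` data are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy message: byte 0 = length the sender claims, then the
   payload. This is not the real TLS heartbeat layout. */

/* No validation: copies as many bytes as the sender claimed. */
static long echo_unchecked(const unsigned char *msg, size_t received,
                           unsigned char *out, size_t out_cap)
{
    if (received < 1) return -1;
    size_t claimed = msg[0];
    if (claimed > out_cap) return -1;      /* protects out, not the read */
    memcpy(out, msg + 1, claimed);         /* can run past the payload */
    return (long)claimed;
}

/* Validated: the claimed length must fit in what actually arrived. */
static long echo_checked(const unsigned char *msg, size_t received,
                         unsigned char *out, size_t out_cap)
{
    if (received < 1) return -1;
    size_t claimed = msg[0];
    if (claimed > received - 1) return -1; /* mismatch: drop the message */
    if (claimed > out_cap) return -1;
    memcpy(out, msg + 1, claimed);
    return (long)claimed;
}

/* Simulated memory: one 256-byte array, so the over-read stays in bounds. */
static long run_demo(unsigned char claimed, int checked,
                     unsigned char *out, size_t out_cap)
{
    unsigned char mem[256] = {0};
    mem[0] = claimed;                      /* 6 bytes arrive: length + "Hello" */
    memcpy(mem + 1, "Hello", 5);
    memcpy(mem + 6, "code=12345", 10);     /* constructed neighbouring data */
    return checked ? echo_checked(mem, 6, out, out_cap)
                   : echo_unchecked(mem, 6, out, out_cap);
}

int main(void)
{
    unsigned char out[64];
    long n = run_demo(15, 0, out, sizeof out);
    printf("unchecked, claimed 15: %.*s\n", (int)n, (const char *)out);
    printf("checked,   claimed 15: %ld\n", run_demo(15, 1, out, sizeof out));
    return 0;
}
```

The only difference between the two functions is the comparison of the claimed length against the number of bytes that were actually received.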
