by perlgeek
1214 days ago
There are scenarios, but they are pretty out there. For example, a service might import hashed passwords from a directory, and an attacker has limited influence on the network connection to cause some random-ish data corruption.

> Like, it's a really interesting security adjacent bug, but clearly not a security issue.

I kinda disagree. We often think of security in layers, and an unexpected fail-open behavior in any layer should be treated as a (potential) security issue. The impact might be low because you expect another layer (like protection of the password database) to prevent exploits, but there could always be corner cases where that assumption doesn't hold 100%, especially in something as fundamental as a language built-in, a system call or something like that.

So IMHO it's pretty low severity, but still a security issue.