[SSLy]

plainly, crash = DoS = security issue = CVE.

QED.

[michaelt]

BRB, raising a CVE complaining the OOM killer exists.

[pamcake]

Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.

[worthless-trash]

I could be wrong. But operation by design isn't considered a bug.

[samus]

It is if some other condition is violated that is more important. Then the design might have to be reconsidered.

[suspended_state]

If it is faulty, then it's not a bug, it's a flaw.

[lfllfkddl]

It is possible to design a security vulnerability.

[worthless-trash]

Oh, now that is an exciting area.

[SSLy]

you either get OOMed or next malloc fails and that's also going to wreck havoc