4

When reading distro security list mails, I frequently see that a discovered vulnerability could cause foo to "crash, resulting in a denial of service, or possibly execute arbitrary code". This exact phrasing is used verbatim quite frequently, but usually there's not much additional info.

What kind of vulnerability are they talking about? Is this a buffer overread? Use after free?

Xiong Chiamiov

3 Answers

1

The label is pretty transparent, but yes, I think you are right in assuming it's mostly memory management problems. These are the most frequent cause of crashes, as they will either cause the OS to kill the buggy process, or the program itself to crash trying to process corrupted data.

In most FOSS projects, you will be able to get more details on each vulnerability. When you encounter one, look closer to discover which type of bug it is.

Hey

1

In general, that means "we found a bug, it causes crashes. A clever person might be able to turn it into something even more powerful but we don't have the time to study it ourselves".

Yes, it means buffer overread. Yes, it means a UAF. It also means a refcount overflow, and a double-free, and a (insert your class of bug here). The reason for this is that many bugs are first found because they cause crashes due to messing with memory. An innocent, accidentally found bug, or one found with dynamic analysis (fuzzing) won't just happen to come out with a perfectly formed code execution exploit, complete with shellcode and printf("w00t w00t\n");. It often takes a lot of work to turn a bug that causes a crash into something that causes such predictable memory corruption that it hijacks the program in a way you want. So as a result, they're almost all "crashes, that might, with effort, be able to be used for code exec".

If you are asking from a defender's point of view, it means "this is a severe arbitrary code execution vulnerability so fix it NOW".

If you're asking from a vendor's point of view, it means "aw, it's nothing, just a little crash, nothing to see here folks btw quick someone get me PR department".

forest

-2

crash = program or thread stops running

denial of service = normal users can't access it because it is down, flooded with fake requests, or the hacker has used up all the CPU, memory, and/or disk and your program can't function.

example: (d)dos attack, upload a zip file containing 10gb of a (or whatever) which will compress to a tiny upload, but possibly exhaust all your RAM or the portion of hard disk reserved for decompressing files.

Execute arbitrary code = the hacker can run anything they want and basically they own your system remotely. usually they inject a RAT, ssh, and/or irc for remote command and control.

Usually, buffer overruns and underruns, but there are so many different kinds. Code injection, stack overflows.

cybernard

I think the OP knows what the terms mean, he's looking for example vulnerabilities that have been described with that text. – Mike Ounsworth Mar 31 '16 at 02:51
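The decompression-bomb denial of service described in the answer above, as an added Python example that is not part of any post here: a tiny archive that expands to a large output, and the gate a file-upload handler can apply (a total decompressed-size budget and a compression-ratio ceiling, both hypothetical policy values) so the process never allocates the full expansion.

```python
import io
import zipfile

MAX_OUTPUT_BYTES = 10 * 1024 * 1024   # hypothetical policy: at most 10 MiB of output
MAX_RATIO = 100                        # hypothetical policy: refuse anything over 100:1


class UnsafeArchive(Exception):
    """Raised when an archive exceeds the decompression budget."""


def build_archive(content: bytes, name: str = "payload.txt") -> bytes:
    """Constructed sample archive held in memory (no files touched)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def check_archive(data: bytes, max_output=MAX_OUTPUT_BYTES, max_ratio=MAX_RATIO) -> int:
    """First gate: inspect the central directory before decompressing anything.

    Returns the total declared uncompressed size. The declared sizes can be
    forged, so this only rejects the obvious cases cheaply."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if total > max_output:
                raise UnsafeArchive(f"declared size {total} exceeds budget {max_output}")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise UnsafeArchive(f"{info.filename}: ratio exceeds {max_ratio}:1")
    return total


def extract_bounded(data: bytes, max_output=MAX_OUTPUT_BYTES) -> dict:
    """Second gate: decompress in chunks and count the bytes actually produced,
    aborting as soon as the budget is exceeded. This does not trust headers."""
    produced, out = 0, {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            chunks = []
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    produced += len(chunk)
                    if produced > max_output:
                        raise UnsafeArchive(f"output exceeded {max_output} bytes")
                    chunks.append(chunk)
            out[info.filename] = b"".join(chunks)
    return out
```

Checking only the archive's own size (the upload limit) would pass the bomb, since the compressed form is tens of kilobytes; the ratio check catches it from the headers and the chunked extractor catches it even if the headers lie.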