BadAlloc - Memory Allocation Vulnerabilities

We discussed this vulnerability during Episode 75 on 04 May 2021

Potentially a new named vulnerability class/set of vulns. It's integer overflows in the size calculations, specifically within the allocator code. I think that definitely makes them bugs, but we don't really need a new name. In fact, I think “bad alloc” hides the issue and makes it more difficult to talk about, rather than just saying it's bad calculations inside the allocator.

The gist of it is that various allocators (largely in real-time OSes and other constrained environments) might do a calculation to decide how much memory to allocate. Think of something like calloc multiplying the number of elements by the size of each element and then not checking for an integer overflow. It is definitely a bug leading to an overflow, but calling it “bad alloc” instead of talking about the vuln class itself I think is just obscuring the issue.
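As an added illustration (not code from any of the affected allocators), here is the calloc-style element-count times element-size computation in its unchecked form next to a checked one; the function names are hypothetical, and a 32-bit size type is used so the wrap is the same on any host, like the constrained targets mentioned above.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed example: a 32-bit size type, as on many RTOS targets. */
typedef uint32_t rtos_size_t;

/* Unchecked: the product silently wraps modulo 2^32, so a request for
 * 0x10001 elements of 0x10000 bytes "needs" only 0x10000 bytes, and the
 * caller then writes far past the end of the block it was handed. */
rtos_size_t naive_alloc_size(rtos_size_t nmemb, rtos_size_t size) {
    return nmemb * size;
}

/* Checked: stores the product in *out and returns 0, or returns -1 when
 * nmemb * size does not fit in rtos_size_t. The division form is
 * portable C; GCC and Clang also offer __builtin_mul_overflow(). */
int checked_alloc_size(rtos_size_t nmemb, rtos_size_t size, rtos_size_t *out) {
    if (size != 0 && nmemb > UINT32_MAX / size) return -1;
    *out = nmemb * size;
    return 0;
}

/* 1 if the unchecked computation would have wrapped for these arguments,
 * i.e. the allocator would have returned an undersized block. */
int naive_would_wrap(rtos_size_t nmemb, rtos_size_t size) {
    rtos_size_t total;
    return checked_alloc_size(nmemb, size, &total) != 0;
}

/* calloc-like wrapper that refuses wrapped requests instead of returning
 * a block that is smaller than the caller asked for. */
void *safe_calloc(rtos_size_t nmemb, rtos_size_t size) {
    rtos_size_t total;
    if (checked_alloc_size(nmemb, size, &total) != 0) return NULL;
    return calloc(total, 1);
}

int main(void) {
    rtos_size_t n = 0x10001, sz = 0x10000, total;
    printf("naive size: 0x%x\n", naive_alloc_size(n, sz));  /* 0x10000 */
    printf("checked: %s\n", checked_alloc_size(n, sz, &total) == 0 ? "ok" : "rejected");
    return 0;
}
```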