Yes, that's a bug. Here's what qwerty said about it in an earlier post:
$regsub can also crash mirc, but for reasons that have nothing to do with the regex part: mirc doesn't check the length of text to be put in the %var specified in $regsub(), so it overflows, fex: $regsub($str(a,500),/a/g,aa,%a)