I wouldn't be so sure, heap corruption can very often result in arbitrary code execution. See http://en.wikipedia.org/wiki/Heap_overflow
Throwing random data at a vulnerable router will just crash the SSHD, but a targeted exploit could definitely compromise the router if SSH is available remotely.
My compliments to Mikrotik for responding to this with patches in a timely fashion. I haven't tested them yet, but I will.
R1CH is absolutely right. There is a long history of vendors claiming that a "crash is just a crash" but if you spend any time with exploit development it becomes clear that many overflows provide a mechanism for an experienced attacker to execute arbitrary code. It's not as difficult as you might think, especially if you have ever written code in environments where you had to really understand the nuances of things like page alignment and memory allocation.
I'm a user and fan of ROS, and recommend it to many people, but when it comes to security vulnerabilities, it is important to set aside personal feelings and take time to understand the implications.
Describing the implications of security vulnerabilities should never be construed as an "attack" on your favorite product. Remember that every iPhone jailbreak started with something crashing when it shouldn't.