Not a signal developer, but I would imagine it would be fairly simple that the same bug also encrypted the message with the eventual receiver’s key (as opposed to the intended receiver’s key). Resulting in a message which the eventual receiver could decrypt but not the intended receiver.