CVE-2021-29941: Out of bounds write in reorder

CVSS Score: 7.3 (CVSS 3.1)

Basic Information

EPSS Score: 0.56759%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Package Name: reorder
Ecosystem: rust
Vulnerable Versions: < 1.1.0
First Patched Version: 1.1.0

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The vulnerability description and the GitHub issue both explicitly name swap_index as the function that improperly trusts the iterator's len() method. The code shown in the GitHub issue demonstrates unsafe memory handling in three steps: 1) vector capacity is allocated based on the untrusted len(); 2) an unsafe slice is created with the reported len(); 3) elements are written by index without bounds checking against the elements the iterator actually yields. The advisory confirms that the fix required marking this function as unsafe, which directly identifies it as the vulnerable component.
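As an added example (not code from the reorder crate, the GitHub issue or the advisory), the swap_index pattern described above rewritten so that every write is bounds-checked against the elements the iterator actually yields instead of its reported len(); SwapError, swap_index_checked and the LyingLen test double (an iterator whose len() overstates the count, the condition the advisory describes) are all constructed names for this example.

```rust
// Added example (not the reorder crate's code): swap_index with every write
// bounds-checked and no trust placed in the iterator's reported len().
#[derive(Debug, PartialEq)]
pub enum SwapError {
    IndexOutOfRange { index: usize, len: usize }, // would have been the OOB write
    DuplicateIndex(usize),                        // another slot would stay uninitialised
    LengthMismatch { reported: usize, actual: usize }, // len() lied about the count
}

/// Hardened swap_index: (index, item) pairs in, Vec with out[index] == item out.
/// Slots are initialised (no set_len), every index goes through get_mut, and the
/// result is only built once each slot is known to be filled exactly once.
pub fn swap_index_checked<I, T>(iter: I) -> Result<Vec<T>, SwapError>
where
    I: ExactSizeIterator<Item = (usize, T)>,
{
    let reported = iter.len(); // a hint for capacity only, never a bound
    let mut slots: Vec<Option<T>> = Vec::with_capacity(reported);
    slots.resize_with(reported, || None);
    let mut actual = 0usize;
    for (index, item) in iter {
        actual += 1;
        let slot = slots
            .get_mut(index)
            .ok_or(SwapError::IndexOutOfRange { index, len: reported })?;
        if slot.is_some() {
            return Err(SwapError::DuplicateIndex(index));
        }
        *slot = Some(item);
    }
    if actual != reported {
        return Err(SwapError::LengthMismatch { reported, actual });
    }
    // `reported` distinct in-range indices were written, so every slot is Some.
    Ok(slots.into_iter().map(|s| s.unwrap()).collect())
}

/// Constructed test double: len() claims `claimed` items however many the inner
/// iterator really yields, the exact condition the advisory describes.
pub struct LyingLen<I> { pub inner: I, pub claimed: usize }
impl<I: Iterator> Iterator for LyingLen<I> {
    type Item = I::Item;
    fn next(&mut self) -> Option<I::Item> { self.inner.next() }
    fn size_hint(&self) -> (usize, Option<usize>) { (self.claimed, Some(self.claimed)) }
}
impl<I: Iterator> ExactSizeIterator for LyingLen<I> {}
```

Feeding `LyingLen { inner: vec![(0usize, 'a')].into_iter(), claimed: 4 }` to swap_index_checked returns Err(LengthMismatch { reported: 4, actual: 1 }) instead of touching memory past the single element actually yielded.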


WAF Protection Rules

WAF Rule

swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len() method of the iterator. If the len() returned by the iterator is larger than the actual num