CVE-2021-29941: Out of bounds write in reorder
CVSS Score: 7.3 (CVSS version 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.56759%
CWE
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
reorder | rust | < 1.1.0 | 1.1.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description and GitHub issue explicitly reference `swap_index` as the function that improperly trusts the iterator's `len()` method. The code shown in the GitHub issue demonstrates unsafe memory handling through: 1) vector capacity allocation based on the untrusted `len()`, 2) unsafe slice creation with the reported `len()`, 3) index writes without bounds checking against the elements actually yielded. The advisory confirms the fix required marking this function as unsafe, directly implicating it as the vulnerable component.
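A hardened counterpart of the pattern described above, as an added example that is not the reorder crate's code: the reported `len()` is used only as a consistency check, and every write is bounds-checked against the elements actually yielded. The name `swap_index_checked`, the `SwapError` type, the `Lying` test iterator, and the assumption that the function stores each element's position at the index the element names are all hypothetical.

```rust
#[derive(Debug, PartialEq)]
enum SwapError {
    LengthMismatch { claimed: usize, yielded: usize },
    IndexOutOfRange(u32),
    Duplicate(u32),
}

/// Hypothetical safe replacement (assumption: out[value] = position of value).
fn swap_index_checked<I>(it: I) -> Result<Vec<u32>, SwapError>
where
    I: ExactSizeIterator<Item = u32>,
{
    // ExactSizeIterator is a safe trait, so len() is untrusted input.
    let claimed = it.len();
    // The elements actually yielded are the only ground truth for sizing.
    let items: Vec<u32> = it.collect();
    if items.len() != claimed {
        return Err(SwapError::LengthMismatch { claimed, yielded: items.len() });
    }
    let mut out: Vec<Option<u32>> = vec![None; items.len()];
    for (i, &target) in items.iter().enumerate() {
        // Bounds-checked write: an index outside the buffer is an error.
        let slot = out.get_mut(target as usize).ok_or(SwapError::IndexOutOfRange(target))?;
        if slot.replace(i as u32).is_some() {
            return Err(SwapError::Duplicate(target));
        }
    }
    // Equal lengths, in-range and unique indices: every slot is filled.
    Ok(out.into_iter().flatten().collect())
}

/// Constructed input: an iterator whose len() disagrees with what it yields.
struct Lying { items: std::vec::IntoIter<u32>, claimed: usize }

impl Iterator for Lying {
    type Item = u32;
    fn next(&mut self) -> Option<u32> { self.items.next() }
}
impl ExactSizeIterator for Lying {
    fn len(&self) -> usize { self.claimed }
}

fn lying(items: Vec<u32>, claimed: usize) -> Lying {
    Lying { items: items.into_iter(), claimed }
}

fn main() {
    println!("{:?}", swap_index_checked(vec![2u32, 0, 1].into_iter()));
    println!("{:?}", swap_index_checked(lying(vec![2, 0, 1], 1)));
    println!("{:?}", swap_index_checked(lying(vec![2, 0, 1], 5)));
}
```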