7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-29941

GHSA ID

GHSA-3h87-v52r-p9rg

EPSS Score

0.56759%

CWE

CWE-787

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-29941

CVE-2021-29941: Out of bounds write in reorder

swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len() method of the iterator.

If the len() returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a vector containing uninitialized members. If the len() returned by the iterator is smaller than the actual number of members yielded, then swap_index can write out of bounds past its allocated vector.

As noted by the Rust documentation, len() and size_hint() are primarily meant for optimization and incorrect values from their implementations should not lead to memory safety violations.

(GitHub Advisory)

7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-29941

GHSA ID

GHSA-3h87-v52r-p9rg

EPSS Score

0.56759%

CWE

CWE-787

Published

8/25/2021

Updated

6/13/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
reorder	rust	< 1.1.0	1.1.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description and GitHub issue explicitly reference swap_index as the function that improperly trusts the iterator's len() method. The code shown in the GitHub issue demonstrates unsafe memory handling through: 1) Vector capacity allocation based on untrusted len(), 2) Unsafe slice creation with reported len(), 3) Index writes without bounds checking against actual yielded elements. The advisory confirms the fix required marking this function as unsafe, directly implicating it as the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

sw*p_in**x t*k*s *n it*r*tor *n* sw*ps t** it*ms wit* t**ir *orr*spon*in* in**x*s. It r*s*rv*s **p**ity *n* s*ts t** l*n*t* o* t** v**tor **s** on t** .l*n() m*t*o* o* t** it*r*tor. I* t** l*n() r*turn** *y t** it*r*tor is l*r**r t**n t** **tu*l num

Reasoning

T** vuln*r**ility **s*ription *n* *it*u* issu* *xpli*itly r***r*n** `sw*p_in**x` *s t** *un*tion t**t improp*rly trusts t** it*r*tor's `l*n()` m*t*o*. T** *o** s*own in t** *it*u* issu* **monstr*t*s uns*** m*mory **n*lin* t*rou**: *) V**tor **p**ity

7.3

Basic Information

Concerned about an active attack path?

CVE-2021-29941: Out of bounds write in reorder

7.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI