{"id":"RUSTSEC-2021-0050","summary":"swap_index can write out of bounds and return uninitialized memory","details":"`swap_index` takes an iterator and swaps the items with their corresponding\nindexes. It reserves capacity and sets the length of the vector based on the\n`.len()` method of the iterator.\n\nIf the `len()` returned by the iterator is larger than the actual number of\nelements yielded, then `swap_index` creates a vector containing uninitialized\nmembers. If the `len()` returned by the iterator is smaller than the actual\nnumber of members yielded, then `swap_index` can write out of bounds past\nits allocated vector.\n\nAs noted by the Rust documentation, [`len()`](https://doc.rust-lang.org/std/iter/trait.ExactSizeIterator.html#method.len)\nand `size_hint()` are primarily meant for optimization and incorrect values\nfrom their implementations should not lead to memory safety violations.\n\n\n# Patch\n\nA new version crate was pushed that marks this function as unsafe.\n\nreorder = \"1.1.0\"\n\nPrevious versions have also been yanked from crates.io.","aliases":["CVE-2021-29941","CVE-2021-29942","GHSA-3h87-v52r-p9rg","GHSA-jpwg-6gf5-5vh9"],"modified":"2023-11-08T04:05:44.188314Z","published":"2021-02-24T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/reorder"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0050.html"},{"type":"REPORT","url":"https://github.com/tiby312/reorder/issues/1"}],"affected":[{"package":{"name":"reorder","ecosystem":"crates.io","purl":"pkg:cargo/reorder"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"1.1.0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0050.json","categories":[],"informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}