CVE-2021-29942 – reorder

Package

Manager: cargo
Name: reorder
Vulnerable Version: >=0 <1.1.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00349 pctl0.56697

Details

Out of bounds write in reorder swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len() method of the iterator. If the len() returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a vector containing uninitialized members. If the len() returned by the iterator is smaller than the actual number of members yielded, then swap_index can write out of bounds past its allocated vector. As noted by the Rust documentation, len() and size_hint() are primarily meant for optimization and incorrect values from their implementations should not lead to memory safety violations.

Metadata

Created: 2021-08-25T20:54:10Z
Modified: 2023-06-13T20:49:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-jpwg-6gf5-5vh9/GHSA-jpwg-6gf5-5vh9.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-jpwg-6gf5-5vh9
Finding: F111
Auto approve: 1