Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoODctdjUyci1wOXJn

Out of bounds write in reorder

swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len() method of the iterator.

If the len() returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a vector containing uninitialized members. If the len() returned by the iterator is smaller than the actual number of members yielded, then swap_index can write out of bounds past its allocated vector.

As noted by the Rust documentation, len() and size_hint() are primarily meant for optimization and incorrect values from their implementations should not lead to memory safety violations.

Permalink: https://github.com/advisories/GHSA-3h87-v52r-p9rg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoODctdjUyci1wOXJn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Percentage: 0.00177
EPSS Percentile: 0.55513

Identifiers: GHSA-3h87-v52r-p9rg, CVE-2021-29941
References: Repository: https://github.com/tiby312/reorder
Blast Radius: 4.4

Affected Packages

cargo:reorder
Dependent packages: 2
Dependent repositories: 4
Downloads: 12,271 total
Affected Version Ranges: < 1.1.0
Fixed in: 1.1.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3
All unaffected versions: 1.1.0, 1.2.0, 2.0.0, 2.0.1, 2.1.2, 2.1.3