CVE-2021-29941: 
Rust vulnerability analysis and mitigation

An issue was discovered in the reorder crate through 2021-02-24 for Rust. The vulnerability (CVE-2021-29941) involves an out-of-bounds write vulnerability in the swap_index function when an iterator returns a len() that is too small (RUSTSEC Advisory).

The swapindex function takes an iterator and swaps items with their corresponding indexes. The function reserves capacity and sets the vector length based on the iterator's .len() method. If the len() returned by the iterator is smaller than the actual number of members yielded, swapindex can perform an out-of-bounds write past its allocated vector. The vulnerability has been assigned a CVSS v3.1 score of 7.3 (HIGH) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (RUSTSEC Advisory).

The vulnerability can lead to memory corruption through out-of-bounds writes when the iterator's len() value is incorrect. This could potentially allow attackers to corrupt memory and cause undefined behavior in applications using the affected versions of the crate (RUSTSEC Advisory).

The issue has been fixed in version 1.1.0 of the reorder crate, where the swap_index function has been marked as unsafe. All previous versions have been yanked from crates.io. Users should upgrade to version 1.1.0 or later (RUSTSEC Advisory).