CVE-2021-29942: 
Rust vulnerability analysis and mitigation

An issue was discovered in the reorder crate through 2021-02-24 for Rust. The swap_index function can return uninitialized values if an iterator returns a len() that is too large, and can write out of bounds if len() is too small. This vulnerability is tracked as CVE-2021-29942 with a CVSS score of 7.3 (HIGH) (RustSec Advisory).

The vulnerability exists in the swapindex function which swaps items with their corresponding indexes. The function reserves capacity and sets vector length based on the iterator's len() method. If len() returns a value larger than actual elements, the function creates a vector with uninitialized members. If len() returns a value smaller than actual elements, it can write beyond the allocated vector bounds. This violates Rust's documentation stating that len() and sizehint() are meant for optimization and shouldn't cause memory safety issues (RustSec Advisory).

The vulnerability can lead to memory corruption through out-of-bounds writes and exposure of uninitialized memory. This affects memory safety and could potentially be exploited for information disclosure or program crashes (RustSec Advisory).

The issue has been fixed in version 1.1.0 of the reorder crate, where the swap_index function is now marked as unsafe. All previous versions have been yanked from crates.io. Users should upgrade to version 1.1.0 or later (RustSec Advisory).