Unknown · Reorder Crate · CVE-2021-29941
**Name of the Vulnerable Software and Affected Versions**
reorder crate through 2021-02-24 for Rust
**Description**
An issue was discovered in the reorder crate where the `swap_index` function can have an out-of-bounds write if an iterator returns a `len()` that is too small. The `swap_index` function takes an iterator and swaps the items with their corresponding indexes, reserving capacity and setting the length of the vector based on the `len()` method of the iterator. If the `len()` returned by the iterator is larger than the actual number of elements yielded, then `swap_index` creates a vector containing uninitialized members. If the `len()` returned by the iterator is smaller than the actual number of members yielded, then `swap_index` can write out of bounds past its allocated vector.
**Recommendations**
For versions prior to 1.1.0, update the reorder crate to version 1.1.0, which marks the `swap_index` function as unsafe.
As a temporary workaround, consider avoiding the use of the `swap_index` function until the issue is resolved.
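The root cause in the description is unsafe code trusting `ExactSizeIterator::len()`, a trait that safe code can implement incorrectly. The following is an added example, not the reorder crate's code: a fully safe, checked equivalent that sizes its output from the items actually yielded. `swap_index_checked`, `SwapError` and `MisreportedLen` are hypothetical names, and the semantics `out[value] = position` are an assumption based on the description.

```rust
/// Constructed test iterator whose `len()` disagrees with what it yields.
struct MisreportedLen { items: std::vec::IntoIter<usize>, claimed: usize }

impl Iterator for MisreportedLen {
    type Item = usize;
    fn next(&mut self) -> Option<usize> { self.items.next() }
    fn size_hint(&self) -> (usize, Option<usize>) { (self.claimed, Some(self.claimed)) }
}
// `ExactSizeIterator` is a safe trait, so memory safety must never depend on it.
impl ExactSizeIterator for MisreportedLen {}

#[derive(Debug, PartialEq)]
enum SwapError {
    LenMismatch { claimed: usize, actual: usize },
    OutOfRange { position: usize, value: usize },
    Duplicate { value: usize },
}

/// Assumed semantics: for each `value` yielded at `position`, set `out[value] = position`.
/// No `unsafe`, no `set_len`: the output is sized from the real item count.
fn swap_index_checked<I: ExactSizeIterator<Item = usize>>(iter: I) -> Result<Vec<usize>, SwapError> {
    let claimed = iter.len();
    // `collect` grows as needed, so a wrong `len()` cannot cause a bad write here.
    let items: Vec<usize> = iter.collect();
    if items.len() != claimed {
        return Err(SwapError::LenMismatch { claimed, actual: items.len() });
    }
    let mut out: Vec<Option<usize>> = vec![None; items.len()];
    for (position, &value) in items.iter().enumerate() {
        // Bounds-checked access replaces the raw write into reserved capacity.
        let slot = out.get_mut(value).ok_or(SwapError::OutOfRange { position, value })?;
        if slot.replace(position).is_some() {
            return Err(SwapError::Duplicate { value });
        }
    }
    // In range + no duplicates + n items into n slots means every slot is filled.
    Ok(out.into_iter().flatten().collect())
}

fn main() {
    let under = MisreportedLen { items: vec![0, 1, 2, 3].into_iter(), claimed: 2 };
    println!("{:?}", swap_index_checked(under));
    println!("{:?}", swap_index_checked(vec![2, 0, 1].into_iter()));
}
```
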