You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

PoC: CatBoost OOB via TreeSplits Indices in .cbm Model

SECURITY RESEARCH ONLY

CatBoost's binary model format (.cbm) uses FlatBuffers. The TreeSplits array contains indices into BinFeatures[], but these indices are never bounds-checked. A crafted .cbm with TreeSplits[i] > BinFeatures.size() causes OOB heap access.

Affected: catboost/libs/model/model.cpp:558-560 Trigger: catboost.CatBoostClassifier().load_model("malicious.cbm")

See craft_cbm.py for instructions on creating the malicious .cbm.

Submitted by Ryan @ Fan Pier Labs

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support