2 matches found
DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities
One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept PoC inputs is therefore essential for assessing real-world impact. The key challenge is identifying necessary constraints for triggering the vulnerability and solving them...
Chasing One-Day Vulnerabilities across Open Source Forks
Tracking vulnerabilities inherited from third-party open-source components is a well-known challenge, often addressed by tracing the threads of dependency information. However, vulnerabilities can also propagate through forking: a repository forked after the introduction of a vulnerability, but...