13 matches found
MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair
Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model (LLM)-based agents have recently shown promise for automated vulnerability repair...
Root-Cause-Driven Automated Vulnerability Repair
Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...
VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns
The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair (AVR) tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...
PatchIsland: Orchestration of LLM Agents for Continuous Vulnerability Repair
Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair (AVR) techniques -- including recent LLM-based systems -- are not directly applicable to continuou...
Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?
Large Language Models (LLMs) are increasingly being studied for Software Vulnerability Detection (SVD) and Repair (SVR). Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...
SecureFixAgent: a Hybrid LLM Agent for Automated Python Static Vulnerability Repair
Modern software development pipelines face growing challenges in securing large codebases with extensive dependencies. Static analysis tools like Bandit are effective at vulnerability detection but suffer from high false positives and lack repair capabilities. Large Language Models (LLMs), in...
VulnRepairEval: an Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities
The adoption of Large Language Models (LLMs) for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation methods rather than exploit-based verification, leading to...
PatchProve
PatchProve A PoC-Driven Benchmark for Evaluating Large Lang...
SoK: Automated Vulnerability Repair: Methods, Tools, and Assessments
The increasing complexity of software has led to the steady growth of vulnerabilities. Vulnerability repair investigates how to fix software vulnerabilities. Manual vulnerability repair is labor-intensive and time-consuming because it relies on human experts, highlighting the importance of...
SUSE-SU-2023:0747-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. - CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bsc#1194535). - CVE-2022-38096: Fixed NULL-ptr der...
SQL Injection Vulnerability in Website Building System of Shenzhen Shangnuo Times Technology Co.
Business Promise Times iczg is a website design company, providing customers with website planning, web design, website production, hosting domain name, Internet marketing, VI design, website revamping, vulnerability repair and other services. There is a SQL injection vulnerability in the website...
FFmpeg remote file stealing vulnerabilities – moving end of the safety analysis report-vulnerability warning-the black bar safety net
0x1 Origin of the vulnerability: the FFmpeg remote file stealing vulnerability originally came from a foreign vulnerability platform, and it was used in a CTF match last year. In January of this year the vendor released the fixed version and published the vulnerability number CVE-2016-189...
Payment security vulnerabilities to cause-the National Theatre premium tickets free-vulnerability warning-the black bar safety net
0day vulnerability repair method: Hackers great God, you should know, I don't need to write clear.^^...