研究人员开发了用于软件二进制文件漏洞发现的代理管道。Patch2Vuln专注于Linux发行版二进制补丁,在半数测试案例中成功识别了安全相关函数。SLYP专为Windows COM二进制文件设计,在查找竞态条件漏洞和生成概念验证代码方面表现出色,发现了28个新漏洞,并分配了16个CVE。 AI
影响 这些代理系统展示了在软件安全分析和漏洞发现方面实现自动化和提高效率的潜力。
排序理由 该集群包含两篇研究论文,详细介绍了用于软件二进制文件漏洞发现的新型代理管道。
AI 生成摘要 · Google Gemini · 来自 4 个来源。 我们如何撰写摘要 →
arXiv:2605.06601v1 Announce Type: cross Abstract: Security updates create a short but important window in which defenders and attackers can compare vulnerable and patched software. Yet in many operational settings, the most accessible artifacts are binary packages rather than sou…
Security updates create a short but important window in which defenders and attackers can compare vulnerable and patched software. Yet in many operational settings, the most accessible artifacts are binary packages rather than source patches or advisory text. This paper asks whet…
arXiv:2605.05000v1 Announce Type: cross Abstract: Windows Component Object Model (COM) services run with elevated privileges and are widely accessible to authenticated users, making race conditions in these binaries a critical surface for local privilege escalation. We present SL…
Windows Component Object Model (COM) services run with elevated privileges and are widely accessible to authenticated users, making race conditions in these binaries a critical surface for local privilege escalation. We present SLYP, an end-to-end agentic pipeline that discovers …