{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T22:41:04Z","timestamp":1761000064902,"version":"build-2065373602"},"publisher-location":"Singapore","reference-count":55,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819535361"},{"type":"electronic","value":"9789819535378"}],"license":[{"start":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:00:00Z","timestamp":1760918400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T00:00:00Z","timestamp":1760918400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-3537-8_10","type":"book-chapter","created":{"date-parts":[[2025,10,19]],"date-time":"2025-10-19T10:43:41Z","timestamp":1760870621000},"page":"175-194","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Towards Efficient C\/C++ Vulnerability Impact Assessment in\u00a0Package Management Systems"],"prefix":"10.1007","author":[{"given":"Zibo","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiangkun","family":"Jia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jia","family":"Yan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yi","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huafeng","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Purui","family":"Su","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,20]]},"reference":[{"key":"10_CR1","unstructured":"Apt (2024). https:\/\/salsa.debian.org\/apt-team\/apt"},{"key":"10_CR2","unstructured":"Dependency-check (2024). https:\/\/owasp.org\/www-project-dependency-check\/"},{"key":"10_CR3","unstructured":"Details of package slic3r (2024). https:\/\/packages.ubuntu.com\/oracular\/slic3r"},{"key":"10_CR4","unstructured":"Fedora packages (2024). https:\/\/src.fedoraproject.org\/"},{"key":"10_CR5","unstructured":"Joern - the bug hunter\u2019s workbench (2024). https:\/\/github.com\/joernio\/joern"},{"key":"10_CR6","unstructured":"National vulnerability database (2024). https:\/\/nvd.nist.gov\/"},{"key":"10_CR7","unstructured":"Ubuntu packages (2024). https:\/\/packages.ubuntu.com\/"},{"key":"10_CR8","doi-asserted-by":"crossref","unstructured":"Babi\u0107, D., et al.: Fudge: fuzz driver generation at scale. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2019)","DOI":"10.1145\/3338906.3340456"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"B\u00f6hme, M., Pham, V.T., Nguyen, M.D., Roychoudhury, A.: Directed greybox fuzzing. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3134020"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Chen, H., et al.: Hawkeye: towards a desired directed grey-box fuzzer. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (2018)","DOI":"10.1145\/3243734.3243849"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Chen, Y., Ding, Z., Alowain, L., Chen, X., Wagner, D.: Diversevul: a new vulnerable source code dataset for deep learning based vulnerability detection. In: Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses (2023)","DOI":"10.1145\/3607199.3607242"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Dai, J., et al.: Facilitating vulnerability assessment through poc migration. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (2021)","DOI":"10.1145\/3460120.3484594"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Ding, S.H., Fung, B.C., Charland, P.: Asm2vec: boosting static representation robustness for binary clone search against code obfuscation and compiler optimization. In: 2019 IEEE Symposium on Security and Privacy (sp) (2019)","DOI":"10.1109\/SP.2019.00003"},{"key":"10_CR14","unstructured":"Dong, Y., Guo, W., Chen, Y., Xing, X., Zhang, Y., Wang, G.: Towards the detection of inconsistencies in public security vulnerability reports. In: 28th USENIX security symposium (USENIX Security 2019) (2019)"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Duan, R., Bijlani, A., Xu, M., Kim, T., Lee, W.: Identifying open-source license violation and 1-day security risk at large scale. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3134048"},{"key":"10_CR16","unstructured":"Fioraldi, A., Maier, D., Ei\u00dffeldt, H., Heuse, M.: AFL++: combining incremental steps of fuzzing research. In: 14th USENIX Workshop on Offensive Technologies (WOOT 20) (Aug 2020)"},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Guo, W., Xu, Z., Liu, C., Huang, C., Fang, Y., Liu, Y.: An empirical study of malicious code in pypi ecosystem. In: 2023 38th IEEE\/ACM International Conference on Automated Software Engineering (ASE) (2023)","DOI":"10.1109\/ASE56229.2023.00135"},{"key":"10_CR18","doi-asserted-by":"crossref","unstructured":"Haq, I.U., Caballero, J.: A survey of binary code similarity. ACM Comput. Surv. (CSUR) (2021)","DOI":"10.1145\/3446371"},{"key":"10_CR19","doi-asserted-by":"crossref","unstructured":"Huang, H., Guo, Y., Shi, Q., Yao, P., Wu, R., Zhang, C.: Beacon: directed grey-box fuzzing with provable path pruning. In: 2022 IEEE Symposium on Security and Privacy (SP) (2022)","DOI":"10.1109\/SP46214.2022.9833751"},{"key":"10_CR20","doi-asserted-by":"crossref","unstructured":"Huang, H., Yao, P., Chiu, H.C., Guo, Y., Zhang, C.: Titan: efficient multi-target directed greybox fuzzing. In: 2024 IEEE Symposium on Security and Privacy (SP) (2024)","DOI":"10.1109\/SP54263.2024.00059"},{"key":"10_CR21","unstructured":"Ispoglou, K., Austin, D., Mohan, V., Payer, M.: $$\\{$$FuzzGen$$\\}$$: automatic fuzzer generation. In: 29th USENIX Security Symposium (USENIX Security 2020) (2020)"},{"key":"10_CR22","doi-asserted-by":"crossref","unstructured":"Jiang, L., et al.: Binaryai: binary software composition analysis via intelligent binary source code matching. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering (2024)","DOI":"10.1145\/3597503.3639100"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Jiang, L., Yuan, H., Tang, Q., Nie, S., Wu, S., Zhang, Y.: Third-party library dependency for large-scale sca in the c\/c++ ecosystem: How far are we? In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (2023)","DOI":"10.1145\/3597926.3598143"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Kim, S., Woo, S., Lee, H., Oh, H.: Vuddy: a scalable approach for vulnerable code clone discovery. In: 2017 IEEE Symposium on Security and Privacy (SP) (2017)","DOI":"10.1109\/SP.2017.62"},{"key":"10_CR25","doi-asserted-by":"crossref","unstructured":"Lee, H., Kim, S., Cha, S.K.: Fuzzle: making a puzzle for fuzzers. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineeringm pp. 1\u201312 (2022)","DOI":"10.1145\/3551349.3556908"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Liu, C., Chen, S., Fan, L., Chen, B., Liu, Y., Peng, X.: Demystifying the vulnerability propagation and its evolution via dependency trees in the npm ecosystem. In: Proceedings of the 44th International Conference on Software Engineering (2022)","DOI":"10.1145\/3510003.3510142"},{"key":"10_CR27","unstructured":"Liu, H., et al.: Survey on automated vulnerability mining techniques for iot device firmware. Chin. J. Netw. Inform. Sec. (2025)"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., Wang, Y., Jia, X., Zhang, Z., Su, P.: Afgen: whole-function fuzzing for applications and libraries. In: 2024 IEEE Symposium on Security and Privacy (SP) (2024)","DOI":"10.1109\/SP54263.2024.00011"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Luo, C., Meng, W., Li, P.: Selectfuzz: efficient directed fuzzing with selective path exploration. In: 2023 IEEE Symposium on Security and Privacy (SP) (2023)","DOI":"10.1109\/SP46215.2023.10179296"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Lyu, Y., Xie, Y., Chen, P., Chen, H.: Prompt fuzzing for fuzz driver generation. In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (2024)","DOI":"10.1145\/3658644.3670396"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Man\u00e8s, V.J.M., et al.: The art, science, and engineering of fuzzing: a survey. IEEE Trans. Softw. Eng. (2021)","DOI":"10.1109\/TSE.2019.2946563"},{"key":"10_CR32","doi-asserted-by":"crossref","unstructured":"Murali, A., Mathews, N., Alfadel, M., Nagappan, M., Xu, M.: Fuzzslice: pruning false positives in static analysis warnings through function-level fuzzing. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering (2024)","DOI":"10.1145\/3597503.3623321"},{"key":"10_CR33","doi-asserted-by":"crossref","unstructured":"Na, Y., Woo, S., Lee, J., Lee, H.: Cneps: a precise approach for examining dependencies among third-party c\/c++ open-source components. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering (2024)","DOI":"10.1145\/3597503.3639209"},{"key":"10_CR34","doi-asserted-by":"crossref","unstructured":"Peng, J., et al.: 1dvul: discovering 1-day vulnerabilities through binary patches. In: 2019 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) (2019)","DOI":"10.1109\/DSN.2019.00066"},{"key":"10_CR35","unstructured":"Serebryany, K., Bruening, D., Potapenko, A., Vyukov, D.: $$\\{$$AddressSanitizer$$\\}$$: a fast address sanity checker. In: 2012 USENIX Annual Technical Conference (USENIX ATC 12) (2012)"},{"key":"10_CR36","doi-asserted-by":"crossref","unstructured":"Stuckman, J., Purtilo, J.: Mining security vulnerabilities from linux distribution metadata. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops (2014)","DOI":"10.1109\/ISSREW.2014.101"},{"key":"10_CR37","doi-asserted-by":"crossref","unstructured":"Sui, Y., Xue, J.: Svf: interprocedural static value-flow analysis in llvm. In: Proceedings of the 25th International Conference on Compiler Construction, pp. 265\u2013266 (2016)","DOI":"10.1145\/2892208.2892235"},{"key":"10_CR38","doi-asserted-by":"crossref","unstructured":"Tang, W., et al.: Towards understanding third-party library dependency in c\/c++ ecosystem. In: Proceedings of the 37th IEEE\/ACM International Conference on Automated Software Engineering (2022)","DOI":"10.1145\/3551349.3560432"},{"key":"10_CR39","doi-asserted-by":"crossref","unstructured":"Wang, H., et al.: Cebin: a cost-effective framework for large-scale binary code similarity detection. In: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (2024)","DOI":"10.1145\/3650212.3652117"},{"key":"10_CR40","doi-asserted-by":"crossref","unstructured":"Wang, H., et al.: Jtrans: jump-aware transformer for binary code similarity detection. In: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (2022)","DOI":"10.1145\/3533767.3534367"},{"key":"10_CR41","doi-asserted-by":"crossref","unstructured":"Wang, P., Zhou, X., Yue, T., Lin, P., Liu, Y., Lu, K.: The progress, challenges, and perspectives of directed greybox fuzzing. Software Testing, Verification and Reliability (2024)","DOI":"10.1002\/stvr.1869"},{"key":"10_CR42","unstructured":"Woo, S., Choi, E., Lee, H., Oh, H.: $$\\{$$V1SCAN$$\\}$$: discovering 1-day vulnerabilities in reused $$\\{$$C\/C++$$\\}$$ open-source software components using code classification techniques. In: 32nd USENIX Security Symposium (USENIX Security 2023) (2023)"},{"key":"10_CR43","doi-asserted-by":"crossref","unstructured":"Woo, S., Park, S., Kim, S., Lee, H., Oh, H.: Centris: a precise and scalable approach for identifying modified open-source software reuse. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE) (2021)","DOI":"10.1109\/ICSE43902.2021.00083"},{"key":"10_CR44","unstructured":"Wu, C., Liu, Q., Li, Y., Cheng, Q., Zhou, H.: A survey on cloud security. ZTE Communications (2019)"},{"key":"10_CR45","doi-asserted-by":"crossref","unstructured":"Wu, J., et al.: Ossfp: precise and scalable c\/c++ third-party library detection using fingerprinting functions. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE) (2023)","DOI":"10.1109\/ICSE48619.2023.00034"},{"key":"10_CR46","doi-asserted-by":"crossref","unstructured":"Wu, S., Song, W., Huang, K., Chen, B., Peng, X.: Identifying affected libraries and their ecosystems for open source software vulnerabilities. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering (2024)","DOI":"10.1145\/3597503.3639582"},{"key":"10_CR47","doi-asserted-by":"crossref","unstructured":"Xiao, Y., et al.: Viva: binary level vulnerability identification via partial signature. In: 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) (2021)","DOI":"10.1109\/SANER50967.2021.00028"},{"key":"10_CR48","doi-asserted-by":"crossref","unstructured":"Xu, X., Liu, C., Feng, Q., Yin, H., Song, L., Song, D.: Neural network-based graph embedding for cross-platform binary code similarity detection. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3134018"},{"key":"10_CR49","doi-asserted-by":"crossref","unstructured":"Xu, Y., Xu, Z., Chen, B., Song, F., Liu, Y., Liu, T.: Patch based vulnerability matching for binary programs. In: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (2020)","DOI":"10.1145\/3395363.3397361"},{"key":"10_CR50","doi-asserted-by":"crossref","unstructured":"Yang, S., et al.: 1dfuzz: reproduce 1-day vulnerabilities with directed differential fuzzing. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (2023)","DOI":"10.1145\/3597926.3598102"},{"key":"10_CR51","unstructured":"Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: QSYM : a practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)"},{"key":"10_CR52","unstructured":"Zalewski, M.: American fuzzy lop (AFL) fuzzer (2013). http:\/\/lcamtuf.coredump.cx\/afl"},{"key":"10_CR53","doi-asserted-by":"crossref","unstructured":"Zhang, D., Luo, P., Tang, W., Zhou, M.: Osldetector: identifying open-source libraries through binary analysis. In: Proceedings of the 35th IEEE\/ACM International Conference on Automated Software Engineering (2020)","DOI":"10.1145\/3324884.3415303"},{"key":"10_CR54","doi-asserted-by":"crossref","unstructured":"Zhao, Y., Zhang, Y., Chacko, D., Cappos, J.: Covsbom: enhancing software bill of materials with integrated code coverage analysis. in: 2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE) (2024)","DOI":"10.1109\/ISSRE62328.2024.00031"},{"key":"10_CR55","doi-asserted-by":"crossref","unstructured":"Zuo, F., Li, X., Young, P., Luo, L., Zeng, Q., Zhang, Z.: Neural machine translation inspired binary code similarity comparison beyond function pairs. In: Network and Distributed Systems Security (NDSS) Symposium 2019 (2019)","DOI":"10.14722\/ndss.2019.23492"}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-3537-8_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T22:03:00Z","timestamp":1760997780000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-3537-8_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,20]]},"ISBN":["9789819535361","9789819535378"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-3537-8_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025,10,20]]},"assertion":[{"value":"20 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nanjing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.icics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}