Diffploit: Facilitating Cross-Version Exploit Migration for Open Source Library Vulnerabilities

TL;DR

Diffploit introduces an innovative method for automatically migrating exploits across different versions of open source libraries by analyzing behavioral differences and leveraging large language models, significantly improving success rates.

Contribution

The paper presents Diffploit, a novel diff-driven exploit migration approach that effectively handles environment and trigger condition changes using LLM-guided adaptation, outperforming existing tools.

Findings

Successfully migrated 84.2% of exploits across 102 CVEs

Outperformed baseline tools by over 50% in migration success

Discovered unreported vulnerable versions and corrected affected version ranges

Abstract

Exploits are commonly used to demonstrate the presence of library vulnerabilities and validate their impact across different versions. However, their direct application to alternative versions often fails due to breaking changes introduced during evolution. These failures stem from both changes in triggering conditions (e.g., API refactorings) and broken dynamic environments (e.g., build or runtime errors), which are challenging to interpret and adapt manually. Existing techniques primarily focus on code-level trace alignment through fuzzing, which is both time-consuming and insufficient for handling environment-level failures. Moreover, they often fall short when dealing with complicated triggering condition changes across versions. To overcome this, we propose Diffploit, an iterative, diff-driven exploit migration method structured around two key modules: the Context Module and the Migration Module. The Context Module dynamically constructs contexts derived from analyzing behavioral discrepancies between the target and reference versions, which capture the failure symptom and its related diff hunks. Leveraging these contexts, the Migration Module guides an LLM-based adaptation through an iterative feedback loop, balancing exploration of diff candidates and gradual refinement to resolve reproduction failures effectively. We evaluate Diffploit on a large-scale dataset containing 102 Java CVEs and 689 version-migration tasks across 79 libraries. Diffploit successfully migrates 84.2% exploits, outperforming the change-aware test repair tool TARGET by 52.0% and the rule-based tool in IDEA by 61.6%. Beyond technical effectiveness, Diffploit identifies 5 CVE reports with incorrect affected version ranges, three of which have been confirmed. It also discovers 111 unreported vulnerable versions in the GitHub Advisory Database.