As software vulnerabilities increase in both volume and complexity, vendors often struggle to repair them promptly. Automated vulnerability repair has emerged as a promising solution to reduce the burden of manual debugging and fixing activities. However, existing techniques focus exclusively on repairing vulnerabilities at the source code level, which has various limitations. For example, they are not applicable to those (e.g., users or security analysts) who do not have access to the source code. Consequently, this restricts the practical application of these techniques, especially in cases where vendors are unable to provide timely patches. In this paper, we aim to address the above limitations by performing vulnerability repair at the binary code level, and accordingly propose TemVUR, a template-based automated vulnerability repair approach for Java binaries. Building on the literature, we collect fix templates from both existing template-based automated program repair approaches and vulnerability-specific analyses, which are then implemented for Java binaries. Our systematic application of these templates effectively mitigates vulnerabilities: experiments on the Vul4J dataset demonstrate that TemVUR successfully repairs 11 vulnerabilities, marking a notable 57.1% improvement over current repair techniques. Moreover, TemVUR securely fixes 66.7% more vulnerabilities compared to leading techniques (15 vs. 9), underscoring its effectiveness in mitigating the risks posed by these vulnerabilities. To assess the generalizability of TemVUR, we curate the ManyVuls4J dataset, which goes beyond Vul4J to encompass a wider diversity of vulnerabilities, with 30% more vulnerabilities than its predecessor (increasing from 79 to 103). The evaluation on ManyVuls4J reaffirms TemVUR's effectiveness and generalizability across a diverse set of real-world vulnerabilities.