Automated program repair (APR) is an emerging technology which seeks to automatically rectify program errors and vulnerabilities. Repair techniques are driven by a correctness criterion which is often in the form of a test-suite. Such test-based repair may produce over-fitting patches, where the patches produced fail on tests outside the test-suite driving the repair. In this article, which is originally published as journal-first in TOSEM, we presents a repair method which fixes program vulnerabilities without the need for a voluminous test-suite. Given a vulnerability as evidenced by an exploit, the technique extracts a constraint representing the vulnerability with the help of sanitizers. The extracted constraint serves as a proof obligation which our synthesized patch should satisfy. Our technique then localizes suspicious locations by flow-based static analysis, without the need for high-quality test suite. The proof obligation is met by propagating the extracted constraint to the suspicious locations. Finally, on a suspicious location, our technique synthesizes patches which ensure that the constraint is satisfied for all possible inputs. We believe that our work presents a way forward for the overfitting problem in program repair, by generalizing observable hazards/vulnerabilities (as constraint) from a single failing test or exploit.