Abstract: Database Management Systems (DBMSs) are critical infrastructure software, underpinning data storage, management, and access control across a wide range of applications. In practice, DBMS development often follows a fork-based model, in which vendors build customized features on top of a native system. However, native DBMSs tend to contain silent vulnerability fixes, that is, fixes applied to vulnerabilities without public disclosure. Such fixes leak vulnerability information and leave downstream DBMSs exposed to unfixed vulnerabilities. This work presents the first systematic study of silent vulnerability fixes in DBMSs and their security implications under fork-based development. First, we introduce NightHawk, a detection framework that analyzes inheritance relationships and identifies silent fixes. NightHawk outperforms existing approaches in silent vulnerability fix detection, with higher precision and more than a 10% improvement in recall. Using NightHawk, we analyze 16 DBMSs, over 60 of their latest releases, and more than 9,000 commits. As a result, we identify 1,951 silent vulnerability fixes whose inheritance by downstream DBMSs poses significant security risks. We believe these findings offer new insights into DBMS security and reveal overlooked threats in software supply chains.
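As an added illustration of the inheritance problem the abstract describes (this is not the paper's code and not NightHawk's method), the Python below performs a minimal patch-presence check: given an upstream function before and after a silent fix, it asks whether a downstream fork still carries the pre-fix code. The DBMS snippet, the fix and the three forks are constructed for the example.

```python
import difflib
import re

# Constructed sample: an upstream function before and after a silently fixed
# missing bounds check (illustrative, not taken from any real DBMS).
UPSTREAM_PRE = """
int read_record(const char *buf, size_t len, char *out) {
    size_t n = buf[0];  /* length prefix from untrusted client input */
    memcpy(out, buf + 1, n);
    return 0;
}
"""
UPSTREAM_POST = """
int read_record(const char *buf, size_t len, char *out) {
    size_t n = (unsigned char)buf[0];  /* length prefix from untrusted client input */
    if (n > len - 1 || n > OUT_MAX)
        return -1;
    memcpy(out, buf + 1, n);
    return 0;
}
"""
# Constructed downstream forks: one never received the fix, one merged it,
# and one rewrote the check its own way (and must be reviewed by hand).
FORK_UNFIXED = UPSTREAM_PRE.replace("return 0;", "log_read(n);\n    return 0;")
FORK_FIXED = UPSTREAM_POST.replace("return 0;", "log_read(n);\n    return 0;")
FORK_DIVERGED = """
int read_record(const char *buf, size_t len, char *out) {
    size_t n = (unsigned char)buf[0];
    if (n + 1 > len) return -1;   // fork-specific check, no OUT_MAX bound
    memcpy(out, buf + 1, n);
    return 0;
}
"""

def normalize(src):
    """Drop comments and blank lines and collapse whitespace, so the
    formatting churn that is common in forks does not hide shared code."""
    out = []
    for line in src.splitlines():
        line = re.sub(r"/\*.*?\*/|//.*", "", line)
        line = " ".join(line.split())
        if line:
            out.append(line)
    return out

def fix_signature(pre, post):
    """Lines the upstream fix removed and lines it added."""
    a, b = normalize(pre), normalize(post)
    removed, added = set(), set()
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b).get_opcodes():
        if tag in ("replace", "delete"):
            removed.update(a[i1:i2])
        if tag in ("replace", "insert"):
            added.update(b[j1:j2])
    return removed, added

def classify_fork(fork_src, removed, added):
    """'fixed', 'unfixed', or 'diverged' (partial overlap: needs manual review)."""
    fork = set(normalize(fork_src))
    if added <= fork and not (removed & fork):
        return "fixed"
    if removed <= fork and not (added & fork):
        return "unfixed"
    return "diverged"

if __name__ == "__main__":
    removed, added = fix_signature(UPSTREAM_PRE, UPSTREAM_POST)
    for name, src in [("unfixed", FORK_UNFIXED), ("fixed", FORK_FIXED), ("diverged", FORK_DIVERGED)]:
        print(f"fork {name}: {classify_fork(src, removed, added)}")
```

A fork that only inserts lines (no removed lines) cannot be told apart from a diverged rewrite by this check alone, which is one reason fix detection in real forks needs more than line matching.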
External IDs: dblp:conf/dspp/DongNSM25