Vector Database Management Systems (VDBMSs) have become critical in LLM-integrated applications. However, their inherent complexity, including high-dimensional data structures, diverse indexing strategies, and heterogeneous implementations, makes them prone to reliability issues. Among these, crash bugs caused by boundary condition failures, such as invalid configurations and mismatched data dimensions, are particularly severe. These bugs can result in serious consequences like data loss, corrupted indexes, and cascading failures. To address this gap, we propose VDBFuzz, the first fuzzing framework specifically designed to detect VDBMS crash bugs through boundary value testing. VDBFuzz systematically leverages techniques to collect high-quality seeds, generate edge-case inputs, and explore complex API interactions. We evaluated oolname on 8 representative VDBMSs, including native systems (e.g., Weaviate, Milvus), libraries (e.g., Faiss, hnswlib), and extended systems (e.g., pgvector, sqlite-vec). VDBFuzz achieved up to 3x higher code coverage compared to state-of-the-art tools such as RESTler and Schemathesis, uncovering 19 previously unknown bugs, including 13 crash vulnerabilities and 6 runtime exceptions.
Speaker Info:
Shenao Wang is a Ph.D. student at Huazhong University of Science and Technology, advised by Professor Haoyu Wang. His research focuses on the intersection of security, program analysis, and software systems. His recent work centers on the security vulnerabilities in the LLM infrastructure and agentic software ecosystem.