AI Finds 20-Year-Old Bugs in PostgreSQL and MariaDB

The discovery underscores how artificial intelligence is reshaping vulnerability research. Xint Code leverages large‑language models to parse source code at scale, flagging logic errors that human reviewers might miss. By automating pattern recognition across decades of commits, AI can surface legacy defects that have lingered unnoticed, accelerating the disclosure timeline and prompting faster remediation across the open‑source ecosystem.

PostgreSQL, a backbone for financial services, SaaS platforms, and government workloads, faced two critical flaws in its pgcrypto extension and a validation routine. Both bugs enable heap‑based buffer overflows that can be chained into remote code execution, a nightmare for any organization exposing database ports to the internet. The Wiz study’s finding that 80% of cloud PostgreSQL instances are internet‑facing amplifies the risk, turning a theoretical exploit into a practical attack vector for nation‑state actors and cybercriminals alike.

MariaDB’s JSON schema validation issue, while requiring authenticated access, still presents a serious threat in environments where credentials are compromised or SQL injection is possible. The rapid release of patches for versions 11.4.10 and 11.8.6 demonstrates responsive stewardship, yet the broader lesson is clear: legacy codebases demand continuous scrutiny. Enterprises should prioritize timely updates, enforce strict network segmentation for database services, and consider AI‑enhanced code analysis tools as part of a proactive security posture.