Vulnerability in openssl-1.1.1q

sqlcipher / android-database-sqlcipher

Android SQLite API based on SQLCipher

https://www.zetetic.net/sqlcipher/sqlcipher-for-android/

Other

2.73k stars 564 forks source link

Vulnerability in openssl-1.1.1q #622

Closed yang9yang closed 1 year ago

yang9yang commented 1 year ago

Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.q

CVE-2023-0464 CVE-2023-0465 CVE-2023-0466

They will causing by passing the '-policy' argument to the command line utilities or by calling the 'X509_VERIFY_PARAM_set1_policies()' function. Will the new version fix these issues? Or when will they be fixed?

developernotes commented 1 year ago

Hi @yang9yang,

SQLCipher is not affected by these CVE's. SQLCipher does not use the X.509 features within OpenSSL.