Vulnerability in openssl-1.1.1s

sqlcipher / android-database-sqlcipher

Android SQLite API based on SQLCipher

https://www.zetetic.net/sqlcipher/sqlcipher-for-android/

Other

2.73k stars 564 forks source link

Vulnerability in openssl-1.1.1s #625

Closed xueshan06 closed 1 year ago

xueshan06 commented 1 year ago

Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.s And android-database-sqlcipher version is 4.5.3 CVE-2022-4304 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450

Will the new version fix these issues? Or when will they be fixed?

developernotes commented 1 year ago

Hi @xueshan06,

SQLCipher is not impacted by these CVE's as it does not utilize RSA, pyca/cryptography's wheels, use the BIO stream abstraction, nor process PEM files.

The next release of SQLCipher is imminent, and will use OpenSSL 1.1.1t for non FIPS-based builds targeting OpenSSL.