sjlombardo
commented
6 months ago SQLCipher does not use DH, and is unaffected. You should also upgrade to 4.5.5 which is the latest release.
Closed lyh-ADT closed 6 months ago
sjlombardo
commented
6 months ago SQLCipher does not use DH, and is unaffected. You should also upgrade to 4.5.5 which is the latest release.
Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.q And android-database-sqlcipher version is 4.5.2
CVE-2023-5678
It seems like dealing with long X9.42 DH keys will cause this CVE. Is SQLcipher affected by this? Will the new version fix these issues? Or when will they be fixed?