Closed lyh-ADT closed 6 months ago
Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.q And android-database-sqlcipher version is 4.5.2
CVE-2023-5678
It seems like dealing with long X9.42 DH keys will cause this CVE. Is SQLcipher affected by this? Will the new version fix these issues? Or when will they be fixed?
SQLCipher does not use DH, and is unaffected. You should also upgrade to 4.5.5 which is the latest release.
Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.q And android-database-sqlcipher version is 4.5.2
CVE-2023-5678
It seems like dealing with long X9.42 DH keys will cause this CVE. Is SQLcipher affected by this? Will the new version fix these issues? Or when will they be fixed?