Cve-2022-1292 cve-2022-2068 cve-2021-3711 cve-2022-0778 cve-2021-3450 cve-2021-3712 cve-2021-4160 cve-2021-3449 cve-2022-2097

shiva · September 28, 2022, 5:17pm

Our internal binary scan tool reported below vulnerabilities

CVE-2022-1292
CVE-2022-2068
CVE-2021-3711
CVE-2022-0778
CVE-2021-3450
CVE-2021-3712
CVE-2021-4160
CVE-2021-3449
CVE-2022-2097

Do these vulnerabilities affect the zetetic library “net.zetetic:android-database-sqlcipher:4.4.3” ?
If yes, could you explain the rationale?
What is the fix plan?

sjlombardo · September 28, 2022, 5:29pm

Hello @shiva . You should consider upgrading to SQLCipher 4.5.2.

shiva · September 29, 2022, 7:30am

Currently we are using 4.4.3version and Kindly let us know whether the above vulnerabilities affect this library (“net.zetetic:android-database-sqlcipher:4.4.3”)

sjlombardo · September 29, 2022, 1:21pm

If you google sqlcipher followed by the CVE string you will find our comments on every one of those CVEs from previous posts. If you are an existing commercial or enterprise edition subscriber you can contact us at support@zetetic.net for summarized feedback.

Topic		Replies	Views
New vulnerabilities CVE-2023-0465 and CVE-2023-0466 in openssl SQLCipher	1	475	May 2, 2023
Our internal tool reported CVE-2023-0464 vulnerability in openssl SQLCipher	1	390	March 31, 2023
New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q Issues	3	250	March 25, 2024
Cve-2021-3711, cve-2021-3712, cve-2021-3450 & cve-2021-3449 SQLCipher	2	498	November 1, 2021
New vulnerabilities detected in library OpenSSL version 1.1.1q SQLCipher	3	294	November 12, 2023

Cve-2022-1292 cve-2022-2068 cve-2021-3711 cve-2022-0778 cve-2021-3450 cve-2021-3712 cve-2021-4160 cve-2021-3449 cve-2022-2097

Related topics