Cve2021-3450& cve2021-3449

GreatAnn0827 · April 12, 2021, 7:01am

Hi,Are there any patches for CVE2021-3450& CVE2021-3449?

developernotes · April 12, 2021, 4:01pm

SQLCipher does not interface with X.509 public key certificates, nor the TLS component of OpenSSL and is not impacted by these CVE’s.

renzhepo · April 28, 2021, 12:25pm

Hello,is there any plan to update openssl 1.1.1j to openssl 1.1.1k? or modify CVE’s ?

developernotes · April 28, 2021, 1:10pm

For SQLCipher products which utilize OpenSSL, we tend to integrate the latest OpenSSL release when we issue new public releases of SQLCipher.

sjlombardo · April 28, 2021, 1:16pm

@renzhepo the version of OpenSSL will be updated in the next release. However, SQLCipher is not affected by these CVEs.

Topic		Replies	Views
Cve-2021-3711& cve-2021-3712 SQLCipher	2	481	November 1, 2021
CVE-2022-0778 in v4.5.0 Issues	1	457	March 28, 2022
New CVE-2022-4304, CVE-2022-4450,CVE-2022-0215,CVE-2022-0286, is sqlcipher effected? SQLCipher	5	631	March 10, 2023
Cve-2021-3711, cve-2021-3712, cve-2021-3450 & cve-2021-3449 SQLCipher	2	498	November 1, 2021
New vulnerability CVE-2024-0727 in OpenSSL version 1.1.1q SQLCipher	1	275	February 7, 2024