New CVE-2022-4304, CVE-2022-4450,CVE-2022-0215,CVE-2022-0286, is sqlcipher effected?

chen_song · February 9, 2023, 6:46am

Hello, recently new CVE-2022-4304, CVE-2022-4450,CVE-2022-0215,CVE-2022-0286 have been discovered in openssl. Do these affect our products?

sjlombardo · February 9, 2023, 2:08pm

Hello @chen_song - SQLCipher is not affected by any of these CVEs. SQLCipher does not use any of the impacted X.509, BIO, PEM, or RSA features.

Jianye_0971 · March 6, 2023, 3:19pm

When will SQLCipher upgrade OpenSSL to 1.1.1t?

sjlombardo · March 6, 2023, 11:00pm

It will be upgraded to 1.1.1t for our next release. We can’t share a release date at this time, but it is under development.

longchao1201 · March 10, 2023, 7:22am

CVE-2022-4450, CVE-2022-4304
CVE-2023-0215, CVE-2023-0286

The last two CVE No. should be CVE-2023-xxx, not 2022.
Please check whether it is correct. @sjlombardo

sjlombardo · March 10, 2023, 1:42pm

Hello @longchao1201 - confirmed, those do not affect SQLCipher.

Topic		Replies	Views
New CVE-2022-1292 occurs Issues	3	588	June 24, 2022
Cve-2021-3711& cve-2021-3712 SQLCipher	2	481	November 1, 2021
New vulnerability CVE-2024-0727 in OpenSSL version 1.1.1q SQLCipher	1	275	February 7, 2024
Cve2021-3450& cve2021-3449 SQLCipher	4	494	April 28, 2021
New CVE-2022-2068 occurs SQLCipher	2	486	June 27, 2022