New CVE-2022-4304, CVE-2022-4450, CVE-2022-0215, CVE-2022-0286, is SQLCipher affected?

Hello, recently new CVE-2022-4304, CVE-2022-4450, CVE-2022-0215, CVE-2022-0286 have been discovered in OpenSSL. Do these affect our products?

Hello @chen_song - SQLCipher is not affected by any of these CVEs. SQLCipher does not use any of the impacted X.509, BIO, PEM, or RSA features.

When will SQLCipher upgrade OpenSSL to 1.1.1t?

It will be upgraded to 1.1.1t for our next release. We can’t share a release date at this time, but it is under development.

CVE-2022-4450, CVE-2022-4304
CVE-2023-0215, CVE-2023-0286

The last two CVE numbers should be CVE-2023-xxx, not 2022.
Please check whether it is correct. @sjlombardo

Hello @longchao1201 - confirmed, those do not affect SQLCipher.