New CVE-2023-4807 detected in openssl

decorunchen · September 14, 2023, 2:24am

Our scan tool reports vulnerabilities CVE-2023-4807 in openssl 1.1.1q used by SQLCipher 4.5.2.
Does these vulnerabilities affect the library net.zetetic:androidx-database-sqlcipher?

Thanks

developernotes · September 14, 2023, 1:27pm

Hi @decorunchen,

SQLCipher is not impacted by CVE-2023-4807 as it does not use the POLY1305 MAC algorithm. Additionally, with the 4.5.5 release of SQLCipher ^[1], the android-database-sqlcipher library has been depreated ^[1:1] in favor of the long-term supported sqlcipher-android ^[2] library.

decorunchen · September 15, 2023, 1:26am

Thanks for your prompt response, we will update the latest library and check.

Topic		Replies	Views
New vulnerabilities detected in openssl SQLCipher	1	315	August 3, 2023
Our internal tool reported CVE-2023-0464 vulnerability in openssl SQLCipher	1	338	March 31, 2023
New vulnerabilities CVE-2023-0465 and CVE-2023-0466 in openssl SQLCipher	1	415	May 2, 2023
New vulnerability CVE-2023-5678 in openssl SQLCipher	1	177	November 9, 2023
New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q Issues	3	98	March 25, 2024

New CVE-2023-4807 detected in openssl

Related Topics