Our scan tool reports vulnerabilities CVE-2023-4807 in openssl 1.1.1q used by SQLCipher 4.5.2.
Does these vulnerabilities affect the library net.zetetic:androidx-database-sqlcipher?
Thanks
Our scan tool reports vulnerabilities CVE-2023-4807 in openssl 1.1.1q used by SQLCipher 4.5.2.
Does these vulnerabilities affect the library net.zetetic:androidx-database-sqlcipher?
Thanks
Hi @decorunchen,
SQLCipher is not impacted by CVE-2023-4807 as it does not use the POLY1305 MAC algorithm. Additionally, with the 4.5.5 release of SQLCipher [1], the android-database-sqlcipher
library has been depreated [1:1] in favor of the long-term supported sqlcipher-android
[2] library.
Thanks for your prompt response, we will update the latest library and check.