New CVE-2023-4807 detected in openssl

Our scan tool reports vulnerabilities CVE-2023-4807 in openssl 1.1.1q used by SQLCipher 4.5.2.
Do these vulnerabilities affect the library net.zetetic:androidx-database-sqlcipher?


Hi @decorunchen,

SQLCipher is not impacted by CVE-2023-4807 as it does not use the POLY1305 MAC algorithm. Additionally, with the 4.5.5 release of SQLCipher [1], the android-database-sqlcipher library has been deprecated [1] in favor of the long-term supported sqlcipher-android [2] library.

  1. SQLCipher 4.5.5 Release - Zetetic

  2. SQLCipher for Android - Zetetic

Thanks for your prompt response. We will update to the latest library and check.