New vulnerabilities detected in openssl

Our scan tool reports vulnerabilities CVE-2023-3817, CVE-2023-0465, CVE-2023-2650, CVE-2023-0464, CVE-2023-0466 in openssl 1.1.1t used by SQLCipher.
Does these vulnerabilities affect the library net.zetetic:android-database-sqlcipher?

Fred Li

Hello @Fred,

SQLCipher is not affected by these CVE’s. SQLCipher does not utilize Diffie–Hellman, certificate verification, ASN.1, and X.509 features of OpenSSL which are impacted by these CVE’s. SQLCipher for Android is also not affected.