New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q

New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q,

We are using following packages in our android application.


Does CVE-2023-5678 affect our application?

@shiva.hw SQLCipher does not use DH, so it is not affected by CVE-2023-5678.

Even so, our recommendation would be to upgrade to SQLCipher 4.5.6 which is based on SQLite 3.44.2.

We are no longer releasing pre-built community edition packages of the legacy android-database-sqlcipher package, so if you are using community edition we recommend migrating to sqlcipher-android (integration instructions, github , migration guide).

If you are using a commercially licensed android-database-sqlcipher package you may contact us separately at to discuss further.

is this applicable for Android app

Yes, this is applicable to Android