New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q

New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q,

We are using following packages in our android application.

‘net.zetetic:android-database-sqlcipher:4.5.4@aar’
‘net.zetetic:android-database-sqlcipher:4.5.3@aar’
‘net.zetetic:android-database-sqlcipher:4.5.2@aar’

Does CVE-2023-5678 affect our application?

@shiva.hw SQLCipher does not use DH, so it is not affected by CVE-2023-5678.

Even so, our recommendation would be to upgrade to SQLCipher 4.5.6 which is based on SQLite 3.44.2.

We are no longer releasing pre-built community edition packages of the legacy android-database-sqlcipher package, so if you are using community edition we recommend migrating to sqlcipher-android (integration instructions, github , migration guide).

If you are using a commercially licensed android-database-sqlcipher package you may contact us separately at support@zetetic.net to discuss further.