New vulnerability detected in openssl

Fred · March 26, 2025, 6:31am

Hi,
Our scan tool reports vulnerabilities CVE-2025-0306 and CVE-2024-13176 in openssl used by sqlcipher 4.6.1.
Does these vulnerabilities affect net.zetetic:sqlcipher-android?

Thanks,
Fred

developernotes · March 26, 2025, 12:40pm

Hello @Fred,

SQLCipher does not use the Elliptic Curve Digital Signature Algorithm (ECDSA), or the Ruby interpreter so it not impacted by CVE-2025-0306 or CVE-2024-13176. Please note, the latest version of SQLCipher is 4.7.0 ^[1] so you may wish to schedule an update.

SQLCipher 4.7.0 Release | Zetetic ↩︎

Topic		Replies	Views
Some new vulnerabilities in openssl SQLCipher	1	68	November 5, 2024
New vulnerabilities detected in openssl SQLCipher	1	443	August 3, 2023
New vulnerabilities CVE-2023-0465 and CVE-2023-0466 in openssl SQLCipher	1	500	May 2, 2023
Our internal tool reported CVE-2023-0464 vulnerability in openssl SQLCipher	1	406	March 31, 2023
New vulnerability CVE-2023-5678 in OpenSSL version 1.1.1q Issues	3	276	March 25, 2024

New vulnerability detected in openssl

Related topics