Use of Outdated Vulnerable Component

Abu_Basith · July 28, 2023, 1:10pm

Hi all,

I am using the sqlCipher version “net.zetetic:android-database-sqlcipher:4.0.1@aar”. So, regarding this, our security team reported which mentioned below.

Use of Outdated Vulnerable Component - SQLite and OpenSSL:
2 issues: sqlite version 3.26.0 and openssl version `1.1.1

Could you please verify this report statement? I checked our latest sqlcipher version 4.5.3, do I need to increase the sqlcipher version?

Also searched regarding this in the Android document side they mentioned like:
“The version of SQLite depends on the version of Android”. but I mentioned in my manifest file target Api 33.

Thank you.

developernotes · July 28, 2023, 1:38pm

Hi @Abu_Basith,

The latest version of SQLCipher for Android is 4.5.4 and utilizes OpenSSL 1.1.1t for non-FIPS based packages. The latest SQLCipher for Android is supported on Android API 33.

Abu_Basith · July 28, 2023, 2:34pm

Ok, thank you so much @developernotes .

Topic		Replies	Views
Sqlcipher:4.5.4v contains which version of openssl? SQLCipher	9	691	October 4, 2023
Updated Version of SQLcipher SQLCipher	2	164	March 26, 2024
Use of 'net.zetetic:android-database-sqlcipher:4.5.1@aar' give OpenSSL 1.1.1m vulnerability SQLCipher	3	420	June 1, 2022
SQLCipher(v) compatibility with openssl(v) SQLCipher	24	3121	December 20, 2021
SQLCipher 4.5.5 Release Updates	0	472	August 31, 2023

Use of Outdated Vulnerable Component

Related topics