Vulnerability in openssl-1.1.1q

Question

Vulnerability in openssl-1.1.1q

yang9yang opened this issue 2 years ago · 1 comments

Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.q

CVE-2023-0464
CVE-2023-0465
CVE-2023-0466

They will causing by passing the '-policy' argument to the command line utilities or by calling the 'X509_VERIFY_PARAM_set1_policies()' function.
Will the new version fix these issues? Or when will they be fixed?

Answer 1 · 2023-04-10T13:03:13.000Z

Hi @yang9yang,

SQLCipher is not affected by these CVE's. SQLCipher does not use the X.509 features within OpenSSL.