Vulnerability in SQLite3.39.2 CVE-2024-0232 #641
Comments
Hello @sankar-gp, This issue was addressed in SQLite upstream 3.43.2. The latest SQLCipher release, 4.5.6 is based on SQLite upstream 3.44.2. Please note that we stopped releasing Community builds of
Does this issue Vulnerability our application?
Hi @sankar-gp, If your application is using SQLite 3.39.2, via SQLCipher 4.5.2, we would recommend you update your library.
We are using 'net.zetetic:android-database-sqlcipher:4.5.3@aar' and 'net.zetetic:android-database-sqlcipher:4.5.4@aar' versions in our app
@sankar-gp - it appears you have cross-posted this issue in several places, please reference our response to your question on the SQLCipher Discussion Site.
Our internal tool reported that there is a Vulnerability in SQLite3.39.2
CVE-2024-0232
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.