We’re pleased to announce the immediate availability of SQLCipher 4.15.0. This release updates the SQLite baseline, addresses a defensive mode bypass in sqlcipher_export, updates cryptographic modules, and includes several other improvements.
sqlcipher_export (reported by Dima Petschke from Deutsche Telekom Security GmbH)sqlcipher_extra_initsqlcipher_export_initSQLCipher Commercial and Enterprise packages include the following enhancements:
SQLCipher for Android (all editions):
sqlcipher_exportThe sqlcipher_export convenience function can be used to copy the contents of one attached database into another. It is most often used to convert between plaintext and encrypted databases. It needs to do dynamic schema manipulation, so the function temporarily clears defensive restrictions during operation. A vulnerability in the handling of the source database name parameter made it possible for a caller to supply a crafted source name, which could execute statements that defensive mode would otherwise block. This could allow direct modifications to the sqlite_schema table and database corruption. SQLCipher 4.15.0 now strictly validates the source database name and prevents the bypass.
This issue is assigned a CVSS 4.0 base score of 2.1 / Low (CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:L). In order to practically exploit this issue, an application must already have an existing SQL injection vulnerability or allow unrestricted SQL access that reaches sqlcipher_export. Note that cryptographic integrity of the database is unaffected. Data remains encrypted under the application-controlled key at all times, all per-page HMAC and underlying integrity protections continue to function, and there is no leakage of data. Since the impact is bounded to schema-level modification, recovery may also be possible through restoration from backup, the SQLite recovery facility, or the correction of schema definitions.
Sincere thanks go to Dima Petschke from Deutsche Telekom Security GmbH for responsibly reporting this significant finding.
The table below summarizes the cryptographic providers used across SQLCipher packages and platforms:
| Edition | Platform | Cryptographic Provider |
|---|---|---|
| Community (non-FIPS) | Android | based on LibTomCrypt 1.18.2 |
| Community (non-FIPS) | Apple | Common Crypto (version varies by OS) |
| Commercial & Enterprise (non-FIPS) | Apple | Common Crypto (version varies by OS) |
| Commercial & Enterprise (non-FIPS) | Other Platforms | OpenSSL 3.5.6 LTS |
| Enterprise FIPS | All Platforms | SQLCipher Cryptographic Module Based on OpenSSL 3.5.6 LTS |
SQLCipher 4.15.0 is available for download now, and we recommend that all applications upgrade to incorporate the sqlcipher_export fix and the other improvements in this release. As always, test your applications thoroughly with the new version before deploying to production.
Commercial and Enterprise - On-demand access to new releases of SQLCipher packages are available to all licensees with an active CipherCare support subscription from the Customer Downloads fulfillment site. Subscribers will also receive a separate email notification regarding the update and can contact us at any time for private support directly from the SQLCipher development team. Commercial and Enterprise edition upgrades require a new license code from the SQLCipher fulfillment site for each version. Don’t forget to change the license code in your application(s) when you upgrade.
Community Edition - SQLCipher Community Edition source code is available on GitHub, via AAR packaging for Android, and Swift Package Manager for Apple platforms.
For feedback and questions, please visit our Community Forum or private support channels. Thank you for using SQLCipher!