Name of the Vulnerable Software and Affected Versions: awskms and aesgcm providers (affected versions not specified)

Description: The issue concerns the risk of an IV collision when using the awskms or aesgcm provider for encryption, particularly in scenarios like database column encryption where ciphertexts are persisted and stored together. According to NIST SP 800-38D section 8.3, it is unsafe to encrypt more than 2^32 plaintexts under the same key with a random IV, as this could lead to an IV collision. Such a collision could enable an attacker with access to the ciphertexts to decrypt all messages encrypted with the affected key.

Recommendations: For the awskms provider, consider switching to a counter-based IV as a fix. For the aesgcm provider, as a temporary workaround, avoid encrypting more than 2^32 values with any key to minimize the risk of IV collision. At the moment, there is no information about a newer version that contains a fix for this vulnerability.