Variant weakness

Draft

CWE-332: Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

Last updated May 1, 2026

5

Recorded CVEs

With this primary weakness

0

KEVs

In the CISA KEV catalog

Medium

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-332 (Insufficient Entropy in PRNG) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

Real-world CVEs

5 recorded CVEs are caused by CWE-332 (Insufficient Entropy in PRNG). The highest-severity and most recent are shown first. 1 new CWE-332 CVE has been recorded so far in 2026.

CVE-2017-9371

Low · CVSS 2.6

2017-11-14

CVE-2016-9154

Unscored

2016-12-23

Common consequences

What can happen when CWE-332 is exploited.

DoS: Crash, Exit, or Restart

Affects: Availability

If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.

Bypass Protection Mechanism, Other

Affects: Access Control, Other

If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.

How it happens

When it is introduced

Typically introduced during these phases of the software lifecycle.

Architecture and Design

Implementation

How to prevent it

Practical mitigations for CWE-332, grouped by where in the lifecycle they apply.

Architecture and Design

Requirements

Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Implementation

Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.

Architecture and Design

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.

How to detect it

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Illustrative examples

Real CVEs that MITRE cites as examples of this weakness.

CVE-2019-1715 — security product has insufficient entropy in the DRBG, allowing collisions and private key discovery

Terminology & mappings

Mapped taxonomies

CLASP: Insufficient entropy in PRNG
The CERT Oracle Secure Coding Standard for Java (2011): Generate strong random numbers (MSC02-J)

Frequently asked questions

Common questions about CWE-332.

What is CWE-332?

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

What CVEs are caused by CWE-332?

5 recorded CVEs are attributed to CWE-332, including CVE-2026-3290, CVE-2023-20107, CVE-2019-1715.

How do you prevent CWE-332?

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

How is CWE-332 detected?

Automated Static Analysis: Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

What are the consequences of CWE-332?

Exploiting CWE-332 can lead to: DoS: Crash, Exit, or Restart, Bypass Protection Mechanism, Other.

Is CWE-332 actively exploited?

5 recorded CVEs are caused by CWE-332; none are currently in CISA's KEV catalog of actively exploited flaws.

References

Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.

Stay ahead of CWE-332

Get alerted the moment a new CWE-332 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.

Start free See pricing

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-332?

What CVEs are caused by CWE-332?

How do you prevent CWE-332?

How is CWE-332 detected?

What are the consequences of CWE-332?

Is CWE-332 actively exploited?

References

Stay ahead of CWE-332