CWE-333: Improper Handling of Insufficient Entropy in TRNG

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Low

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.

Real-world CVEs

1 recorded CVEs are caused by CWE-333 (Improper Handling of Insufficient Entropy in TRNG). The highest-severity and most recent are shown first. 0 new CWE-333 CVEs have been recorded so far in 2026 (1 in 2025).

CWE-333: Improper Handling of Insufficient Entropy in TRNG

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-333?

What CVEs are caused by CWE-333?

How do you prevent CWE-333?

What are the consequences of CWE-333?

Is CWE-333 actively exploited?

References

Stay ahead of CWE-333

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-333?

What CVEs are caused by CWE-333?

How do you prevent CWE-333?

What are the consequences of CWE-333?

Is CWE-333 actively exploited?

References

Stay ahead of CWE-333