CWE-339: Small Seed Space in PRNG
A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.
Last updated
Overview
PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.
Real-world CVEs
1 recorded CVEs are caused by CWE-339 (Small Seed Space in PRNG). The highest-severity and most recent are shown first. 1 new CWE-339 CVE has been recorded so far in 2026.
Common consequences
What can happen when CWE-339 is exploited.
Varies by Context
Affects: Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.