CWE · MITRE source
CWE-332Insufficient Entropy in PRNG
The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.
Last updated: 19 May 2026 22:20 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-12 | Cryptographic Key Establishment and Management | SC | Managed key generation relies on PRNGs seeded and operated with adequate entropy, avoiding the listed weakness. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2018-9057 | 2.0 | 9.8 | 0.0046 | 2018-03-27 |
CVE-2016-9154 UPD | 1.6 | 7.5 | 0.0117 | 2016-12-23 |
CVE-2014-9690 UPD | 1.5 | 7.5 | 0.0018 | 2017-04-02 |
CVE-2016-10743 | 1.5 | 7.5 | 0.0043 | 2019-03-23 |
CVE-2017-18486 | 1.5 | 7.2 | 0.0159 | 2019-08-09 |
CVE-2023-20107 | 1.5 | 7.5 | 0.0050 | 2023-03-23 |
CVE-2019-1715 | 1.1 | 5.3 | 0.0040 | 2019-05-03 |
CVE-2017-9371 UPD | 0.5 | 2.6 | 0.0024 | 2017-11-14 |
CVE-2014-0016 | 0.0 | 0.0 | 0.0031 | 2014-03-24 |
CVE-2026-3290 | 0.0 | 0.0 | 0.0002 | 2026-05-14 |