CWE · MITRE source
CWE-331Insufficient Entropy
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-12 | Cryptographic Key Establishment and Management | SC | Approved key-establishment methods mandate sufficient entropy during key generation, eliminating entropy-starved keys. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2008-1447 | 6.6 | 6.8 | 0.8670 | 2008-07-08 |
CVE-2018-15812 | 6.2 | 7.5 | 0.7797 | 2019-07-03 |
CVE-2018-18326 | 6.1 | 7.5 | 0.7630 | 2019-07-03 |
CVE-2015-3405 | 2.5 | 7.5 | 0.1656 | 2017-08-09 |
CVE-2008-2108 | 2.3 | 9.8 | 0.0561 | 2008-05-07 |
CVE-2017-13992 | 2.1 | 8.1 | 0.0828 | 2017-10-05 |
CVE-2018-1000620 | 2.0 | 9.8 | 0.0027 | 2018-07-09 |
CVE-2013-2260 | 2.0 | 9.8 | 0.0050 | 2019-11-04 |
CVE-2020-12735 | 2.0 | 9.8 | 0.0054 | 2020-05-08 |
CVE-2020-10285 | 2.0 | 9.8 | 0.0037 | 2020-07-15 |
CVE-2021-33027 | 2.0 | 9.8 | 0.0061 | 2021-07-19 |
CVE-2021-22727 | 2.0 | 9.8 | 0.0060 | 2021-07-21 |
CVE-2021-36294 | 2.0 | 9.8 | 0.0042 | 2022-01-25 |
CVE-2021-41615 | 2.0 | 9.8 | 0.0033 | 2022-08-08 |
CVE-2022-34294 | 2.0 | 9.8 | 0.0078 | 2022-08-15 |
CVE-2023-4344 | 2.0 | 9.8 | 0.0008 | 2023-08-15 |
CVE-2023-49599 | 2.0 | 9.8 | 0.0029 | 2024-01-10 |
CVE-2024-25730 | 2.0 | 9.8 | 0.0017 | 2024-02-23 |
CVE-2024-47945 | 2.0 | 9.8 | 0.0041 | 2024-10-15 |
CVE-2025-47781 | 2.0 | 9.8 | 0.0068 | 2025-05-14 |
CVE-2025-66565 | 2.0 | 9.8 | 0.0007 | 2025-12-09 |
CVE-2020-36925 | 2.0 | 9.8 | 0.0061 | 2026-01-06 |
CVE-2024-36400 | 1.9 | 9.4 | 0.0033 | 2024-06-04 |
CVE-2017-18883 | 1.8 | 9.1 | 0.0031 | 2020-06-19 |
CVE-2022-37401 | 1.8 | 8.8 | 0.0044 | 2022-08-15 |