CWE-333 1 CVEs MITRE definition ↗

CWE-333: Improper Handling of Insufficient Entropy in TRNG

Overview

CWE-333 (Improper Handling of Insufficient Entropy in TRNG) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-62626 2025-11-21 Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insuffici…

Previous names

  • Failure of TRNG (2008-04-11)
  • Failure to Handle Insufficient Entropy in TRNG (2009-05-27)

Content submission

Name
CLASP
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-05-27 CWE Content Team 1.4 updated Description, Name
2009-10-29 CWE Content Team 1.6 updated Description, Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Likelihood_of_Exploit, Modes_of_Introduction, Relationships
2019-01-03 CWE Content Team 3.2 updated Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2021-07-20 CWE Content Team 4.5 updated Maintenance_Notes
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2024-02-29 CWE Content Team 4.14 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
cvelogic Threat Intelligence