CWE-331
AllowedInsufficient Entropy
Abstraction: Base · Status: Draft
The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
207 vulnerabilities reference this CWE, most recent first.
GHSA-WWX9-MWHP-G8MC
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
{
"affected": [],
"aliases": [
"CVE-2015-3405"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-09T16:29:00Z",
"severity": "HIGH"
},
"details": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.",
"id": "GHSA-wwx9-mwhp-g8mc",
"modified": "2022-05-13T01:26:15Z",
"published": "2022-05-13T01:26:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3405"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1459"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:2231"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-3405"
},
{
"type": "WEB",
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"type": "WEB",
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74045"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WXV8-W48J-R2F4
Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-06-10 21:31xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
{
"affected": [],
"aliases": [
"CVE-2026-7210"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-11T18:16:42Z",
"severity": "MODERATE"
},
"details": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
"id": "GHSA-wxv8-w48j-r2f4",
"modified": "2026-06-10T21:31:24Z",
"published": "2026-05-11T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7210"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/149018"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/149023"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/3573b3b1ecbd99030a0b18658e1bfece771b2566"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/eeea765cb9d8f1fc3d8918b272ac3c477983f27a"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/fc9b11ff49cbc82e6f917d07a61517a2b5f3145f"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/11/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/11/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X345-32RC-8H85
Vulnerability from github – Published: 2021-05-13 20:22 – Updated: 2024-09-30 20:43Impact
"Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards.
Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events.
Patches
The issue is patched by https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c.
Workarounds
A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.
For more information
If you have any questions or comments about this advisory, email us at security@matrix.org.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "matrix-synapse"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.33.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29471"
],
"database_specific": {
"cwe_ids": [
"CWE-331",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-11T17:19:15Z",
"nvd_published_at": "2021-05-11T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\n\"Push rules\" can specify [conditions](https://matrix.org/docs/spec/client_server/r0.6.1#conditions) under which they will match, including `event_match`, which matches event content against a pattern including wildcards.\n\nCertain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events.\n\n### Patches\n\nThe issue is patched by https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c.\n\n### Workarounds\n\nA potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at security@matrix.org.",
"id": "GHSA-x345-32rc-8h85",
"modified": "2024-09-30T20:43:40Z",
"published": "2021-05-13T20:22:51Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29471"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c"
},
{
"type": "PACKAGE",
"url": "https://github.com/matrix-org/synapse"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Denial of service attack via push rule patterns in matrix-synapse"
}
GHSA-X5PC-H62R-4RGX
Vulnerability from github – Published: 2026-05-15 18:30 – Updated: 2026-05-18 18:31Trog::TOTP versions before 1.006 for Perl generate secrets using rand.
Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
{
"affected": [],
"aliases": [
"CVE-2026-46474"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-15T18:16:26Z",
"severity": "HIGH"
},
"details": "Trog::TOTP versions before 1.006 for Perl generate secrets using rand.\n\nSecrets were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage.",
"id": "GHSA-x5pc-h62r-4rgx",
"modified": "2026-05-18T18:31:24Z",
"published": "2026-05-15T18:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46474"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/changes"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/diff/TEODESIAN/Trog-TOTP-1.005#lib/Trog/TOTP.pm"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XG2H-WX96-XGXR
Vulnerability from github – Published: 2021-05-21 16:26 – Updated: 2026-01-23 22:52Impact
A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB.
The functions RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) are not as random as they should be. Small values of int in the functions above will return a smaller subset of results than they should. For example, RandomAlphaNumeric(1) will always return a digit in the 0-9 range, while RandomAlphaNumeric(4) will return around ~7 million of the ~13M possible permutations.
This is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.
The problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from [0-9]. That restriction has been removed.
Patches
This issue has been corrected in v1.1.1.
Workarounds
If you cannot upgrade to v1.1.1, you can work around the issue by calling RandomAlphaNumericCustom(N, true, true)|CryptoRandomAlphaNumericCustom(N, true, true) instead. (Where N is the desired length, and true is the literal boolean true.)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/Masterminds/goutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-4238"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T14:36:56Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "### Impact\n\nA security-sensitive bug was discovered by Open Source Developer *Erik Sundell of Sundell Open Source Consulting AB*.\n\nThe functions `RandomAlphaNumeric(int)` and `CryptoRandomAlphaNumeric(int)` are not as random as they should be. Small values of `int` in the functions above will return a smaller subset of results than they should. For example, `RandomAlphaNumeric(1)` will always return a digit in the 0-9 range, while `RandomAlphaNumeric(4)` will return around ~7 million of the ~13M possible permutations.\n\nThis is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.\n\nThe problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from `[0-9]`. That restriction has been removed.\n\n### Patches\n\nThis issue has been corrected in v1.1.1.\n\n### Workarounds\n\nIf you cannot upgrade to v1.1.1, you can work around the issue by calling `RandomAlphaNumericCustom(N, true, true)`|`CryptoRandomAlphaNumericCustom(N, true, true)` instead. (Where `N` is the desired length, and `true` is the literal boolean `true`.)",
"id": "GHSA-xg2h-wx96-xgxr",
"modified": "2026-01-23T22:52:01Z",
"published": "2021-05-21T16:26:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238"
},
{
"type": "WEB",
"url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"
},
{
"type": "WEB",
"url": "https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982"
},
{
"type": "PACKAGE",
"url": "https://github.com/Masterminds/goutils"
},
{
"type": "WEB",
"url": "https://github.com/Masterminds/goutils/releases/tag/v1.1.1"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2022-0411"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be"
}
GHSA-XHG6-78JC-3CWF
Vulnerability from github – Published: 2024-02-21 21:30 – Updated: 2025-02-12 18:31TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.
{
"affected": [],
"aliases": [
"CVE-2024-22473"
],
"database_specific": {
"cwe_ids": [
"CWE-1279",
"CWE-330",
"CWE-331"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-21T19:15:08Z",
"severity": "MODERATE"
},
"details": "TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.",
"id": "GHSA-xhg6-78jc-3cwf",
"modified": "2025-02-12T18:31:28Z",
"published": "2024-02-21T21:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22473"
},
{
"type": "WEB",
"url": "https://community.silabs.com/068Vm000001FrjT"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XX3H-J3CX-8QFJ
Vulnerability from github – Published: 2019-07-05 21:08 – Updated: 2021-08-17 15:50DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "DotNetNuke.Core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-18326"
],
"database_specific": {
"cwe_ids": [
"CWE-331"
],
"github_reviewed": true,
"github_reviewed_at": "2019-07-05T20:59:37Z",
"nvd_published_at": "2019-07-03T17:15:00Z",
"severity": "HIGH"
},
"details": "DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.",
"id": "GHSA-xx3h-j3cx-8qfj",
"modified": "2021-08-17T15:50:15Z",
"published": "2019-07-05T21:08:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326"
},
{
"type": "WEB",
"url": "https://github.com/dnnsoftware/Dnn.Platform/releases"
},
{
"type": "WEB",
"url": "https://www.dnnsoftware.com/community/security/security-center"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insufficient Entropy in DotNetNuke"
}
Mitigation
Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.