Common Weakness Enumeration

CWE-331

Allowed

Insufficient Entropy

Abstraction: Base · Status: Draft

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

207 vulnerabilities reference this CWE, most recent first.

GHSA-WWX9-MWHP-G8MC

Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26
VLAI
Details

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3405"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-09T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.",
  "id": "GHSA-wwx9-mwhp-g8mc",
  "modified": "2022-05-13T01:26:15Z",
  "published": "2022-05-13T01:26:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3405"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:1459"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2015:2231"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2015-3405"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
    },
    {
      "type": "WEB",
      "url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3223"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3388"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXV8-W48J-R2F4

Vulnerability from github – Published: 2026-05-11 18:31 – Updated: 2026-06-10 21:31
VLAI
Details

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7210"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-11T18:16:42Z",
    "severity": "MODERATE"
  },
  "details": "`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\\r\\n\\r\\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.",
  "id": "GHSA-wxv8-w48j-r2f4",
  "modified": "2026-06-10T21:31:24Z",
  "published": "2026-05-11T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7210"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/issues/149018"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/pull/149023"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/24b8f12544468e4cedf5bfbe25442fcd495391e4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/3573b3b1ecbd99030a0b18658e1bfece771b2566"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/eeea765cb9d8f1fc3d8918b272ac3c477983f27a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/python/cpython/commit/fc9b11ff49cbc82e6f917d07a61517a2b5f3145f"
    },
    {
      "type": "WEB",
      "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/11/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/11/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X345-32RC-8H85

Vulnerability from github – Published: 2021-05-13 20:22 – Updated: 2024-09-30 20:43
VLAI
Summary
Denial of service attack via push rule patterns in matrix-synapse
Details

Impact

"Push rules" can specify conditions under which they will match, including event_match, which matches event content against a pattern including wildcards.

Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events.

Patches

The issue is patched by https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c.

Workarounds

A potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.

For more information

If you have any questions or comments about this advisory, email us at security@matrix.org.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "matrix-synapse"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.33.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331",
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-11T17:19:15Z",
    "nvd_published_at": "2021-05-11T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\n\"Push rules\" can specify [conditions](https://matrix.org/docs/spec/client_server/r0.6.1#conditions) under which they will match, including `event_match`, which matches event content against a pattern including wildcards.\n\nCertain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processing moderate length events.\n\n### Patches\n\nThe issue is patched by https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c.\n\n### Workarounds\n\nA potential workaround might be to prevent users from making custom push rules, by blocking such requests at a reverse-proxy.\n\n### For more information\n\nIf you have any questions or comments about this advisory, email us at security@matrix.org.",
  "id": "GHSA-x345-32rc-8h85",
  "modified": "2024-09-30T20:43:40Z",
  "published": "2021-05-13T20:22:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29471"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/matrix-org/synapse"
    },
    {
      "type": "WEB",
      "url": "https://github.com/matrix-org/synapse/releases/tag/v1.33.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2021-135.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNNAJOZNMVMXM6AS7RFFKB4QLUJ4IFEY"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Denial of service attack via push rule patterns in matrix-synapse"
}

GHSA-X5PC-H62R-4RGX

Vulnerability from github – Published: 2026-05-15 18:30 – Updated: 2026-05-18 18:31
VLAI
Details

Trog::TOTP versions before 1.006 for Perl generate secrets using rand.

Secrets were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-15T18:16:26Z",
    "severity": "HIGH"
  },
  "details": "Trog::TOTP versions before 1.006 for Perl generate secrets using rand.\n\nSecrets were generated using Perl\u0027s built-in rand function, which is predictable and unsuitable for security usage.",
  "id": "GHSA-x5pc-h62r-4rgx",
  "modified": "2026-05-18T18:31:24Z",
  "published": "2026-05-15T18:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46474"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/changes"
    },
    {
      "type": "WEB",
      "url": "https://metacpan.org/release/TEODESIAN/Trog-TOTP-1.006/diff/TEODESIAN/Trog-TOTP-1.005#lib/Trog/TOTP.pm"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/05/15/18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XG2H-WX96-XGXR

Vulnerability from github – Published: 2021-05-21 16:26 – Updated: 2026-01-23 22:52
VLAI
Summary
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Details

Impact

A security-sensitive bug was discovered by Open Source Developer Erik Sundell of Sundell Open Source Consulting AB.

The functions RandomAlphaNumeric(int) and CryptoRandomAlphaNumeric(int) are not as random as they should be. Small values of int in the functions above will return a smaller subset of results than they should. For example, RandomAlphaNumeric(1) will always return a digit in the 0-9 range, while RandomAlphaNumeric(4) will return around ~7 million of the ~13M possible permutations.

This is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.

The problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from [0-9]. That restriction has been removed.

Patches

This issue has been corrected in v1.1.1.

Workarounds

If you cannot upgrade to v1.1.1, you can work around the issue by calling RandomAlphaNumericCustom(N, true, true)|CryptoRandomAlphaNumericCustom(N, true, true) instead. (Where N is the desired length, and true is the literal boolean true.)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/Masterminds/goutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-4238"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T14:36:56Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\n\nA security-sensitive bug was discovered by Open Source Developer *Erik Sundell of Sundell Open Source Consulting AB*.\n\nThe functions `RandomAlphaNumeric(int)` and `CryptoRandomAlphaNumeric(int)` are not as random as they should be. Small values of `int` in the functions above will return a smaller subset of results than they should. For example, `RandomAlphaNumeric(1)` will always return a digit in the 0-9 range, while `RandomAlphaNumeric(4)` will return around ~7 million of the ~13M possible permutations.\n\nThis is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.\n\nThe problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from `[0-9]`. That restriction has been removed.\n\n### Patches\n\nThis issue has been corrected in v1.1.1.\n\n### Workarounds\n\nIf you cannot upgrade to v1.1.1, you can work around the issue by calling `RandomAlphaNumericCustom(N, true, true)`|`CryptoRandomAlphaNumericCustom(N, true, true)`  instead. (Where `N` is the desired length, and `true` is the literal boolean `true`.)",
  "id": "GHSA-xg2h-wx96-xgxr",
  "modified": "2026-01-23T22:52:01Z",
  "published": "2021-05-21T16:26:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4238"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Masterminds/goutils"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Masterminds/goutils/releases/tag/v1.1.1"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be"
}

GHSA-XHG6-78JC-3CWF

Vulnerability from github – Published: 2024-02-21 21:30 – Updated: 2025-02-12 18:31
VLAI
Details

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1279",
      "CWE-330",
      "CWE-331"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-21T19:15:08Z",
    "severity": "MODERATE"
  },
  "details": "TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.",
  "id": "GHSA-xhg6-78jc-3cwf",
  "modified": "2025-02-12T18:31:28Z",
  "published": "2024-02-21T21:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22473"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm000001FrjT"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XX3H-J3CX-8QFJ

Vulnerability from github – Published: 2019-07-05 21:08 – Updated: 2021-08-17 15:50
VLAI
Summary
Insufficient Entropy in DotNetNuke
Details

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "DotNetNuke.Core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-18326"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-331"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-07-05T20:59:37Z",
    "nvd_published_at": "2019-07-03T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.",
  "id": "GHSA-xx3h-j3cx-8qfj",
  "modified": "2021-08-17T15:50:15Z",
  "published": "2019-07-05T21:08:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18326"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dnnsoftware/Dnn.Platform/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.dnnsoftware.com/community/security/security-center"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Entropy in DotNetNuke"
}

Mitigation
Implementation

Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.