- Description
- The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- nvd@nist.gov
- CWE-338
- Hype score
- Not currently trending
Top 5 Trending CVEs: 1 - CVE-2025-5419 2 - CVE-2025-49144 3 - CVE-2023-39910 4 - CVE-2025-21420 5 - CVE-2025-33073 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
19 Oct 2025
177 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BenPay Security Notice Recent BTC fraud cases raised RNG concerns (CVE-2023-39910 “Milkysad”). ✅ @BenPayGlobal never used Libbitcoin Explorer or weak RNGs like mt19937. ✅ Not affected by CVE-2023-39910. 🔐 Built on BenFen with zkLogin + MPC for secure, keyless
@Ednaofweb3
17 Oct 2025
4 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 MaterialX, Stack Exhaustion Vulnerability, #CVE-2023-39910 (Critical) https://t.co/FCOpJQ7wuN
@dailycve
31 Jul 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libbitcoin:libbitcoin_explorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1BE437-D4DF-4582-85C4-E1FA9CEBB33D",
"versionEndIncluding": "3.6.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]