High severity7.5NVD Advisory· Published Aug 9, 2023· Updated Jun 17, 2026
CVE-2023-39910
CVE-2023-39910
Description
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Libbitcoin/Libbitcoin Explorerdescription
- Range: 3.0.0-3.6.0
Patches
Vulnerability mechanics
References
5- github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cppnvdThird Party Advisory
- github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cppnvdThird Party Advisory
- github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cppnvdThird Party Advisory
- milksad.info/disclosure.htmlnvdThird Party Advisory
- news.ycombinator.com/itemnvdThird Party Advisory
News mentions
0No linked articles in our index yet.