CVE-2023-39910

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 9, 2023
Updated: Sep 7, 2023
CWE ID 338

Summary

CVE-2023-39910, also known as the Milk Sad issue, is a vulnerability that affects the cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer versions 3.0.0 through 3.6.0. This vulnerability stems from the use of an mt19937 Mersenne Twister PRNG, which limits the internal entropy to 32 bits regardless of settings. As a result, remote attackers can exploit this weakness to recover wallet private keys generated from "bx seed" entropy output and steal funds. To remediate this vulnerability, affected users are advised to transfer their funds to a secure new cryptocurrency wallet. It is worth noting that this vulnerability has been exploited in real-world attacks that took place in June and July 2023. The severity of this vulnerability is rated as high due to its potential impact on confidentiality, with a CVSS base score of 7.5.
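The entropy ceiling described in the summary, as an added example that is not code from Libbitcoin Explorer or from this page: it contrasts output derived from a 32-bit-seeded `std::mt19937` with bytes read from the OS CSPRNG. The function names, the byte mapping (low 8 bits of each PRNG word) and the toy seed range are assumptions made for illustration and do not reproduce the `bx seed` output format.

```cpp
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <random>
#include <set>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Weak pattern (CWE-338): every output byte is a pure function of one
// 32-bit seed, so at most 2^32 distinct outputs exist for any length n.
// The byte mapping is a constructed simplification, not bx's own.
Bytes weak_entropy(uint32_t seed, size_t n) {
    std::mt19937 prng(seed);
    Bytes out(n);
    for (auto& b : out) b = static_cast<uint8_t>(prng() & 0xFF);
    return out;
}

// Hardened pattern: take key material directly from the OS CSPRNG
// (assumes a Unix-like system that provides /dev/urandom).
Bytes os_entropy(size_t n) {
    std::ifstream urandom("/dev/urandom", std::ios::binary);
    Bytes out(n);
    if (!urandom.read(reinterpret_cast<char*>(out.data()),
                      static_cast<std::streamsize>(n)))
        throw std::runtime_error("cannot read /dev/urandom");
    return out;
}

// Audit helper: count distinct n-byte outputs over a toy range of seeds.
// The count can never exceed the number of seeds, however large n is.
size_t distinct_outputs(uint32_t seed_count, size_t n) {
    std::set<Bytes> seen;
    for (uint32_t s = 0; s < seed_count; ++s) seen.insert(weak_entropy(s, n));
    return seen.size();
}

int main() {
    const size_t n = 32;  // a "256-bit" request
    std::cout << "same seed, same output: "
              << (weak_entropy(1234, n) == weak_entropy(1234, n)) << "\n";
    std::cout << "distinct 256-bit outputs from 4096 seeds: "
              << distinct_outputs(4096, n) << "\n";
    std::cout << "OS CSPRNG bytes read: " << os_entropy(n).size() << "\n";
}
```

Asking the weak generator for a longer output only extends the same deterministic stream, which is why the setting for output length does not raise the effective entropy above the seed width.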
