Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-kmam-wvya-qkfx
Vulnerability ID VCID-kmam-wvya-qkfx
Aliases CVE-2011-0539
Summary The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 7.5 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
ssvc Track http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
cvssv3.1 7.5 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
ssvc Track http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
epss 0.02075 https://api.first.org/data/v1/epss?cve=CVE-2011-0539
epss 0.02075 https://api.first.org/data/v1/epss?cve=CVE-2011-0539
epss 0.02075 https://api.first.org/data/v1/epss?cve=CVE-2011-0539
cvssv3.1 7.5 http://secunia.com/advisories/43181
ssvc Track http://secunia.com/advisories/43181
cvssv3.1 7.5 http://secunia.com/advisories/44269
ssvc Track http://secunia.com/advisories/44269
cvssv3.1 7.5 https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
ssvc Track https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
cvssv3.1 7.5 http://www.openssh.com/txt/legacy-cert.adv
ssvc Track http://www.openssh.com/txt/legacy-cert.adv
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2011/02/04/2
ssvc Track http://www.openwall.com/lists/oss-security/2011/02/04/2
cvssv3.1 7.5 http://www.securityfocus.com/bid/46155
ssvc Track http://www.securityfocus.com/bid/46155
cvssv3.1 7.5 http://www.securitytracker.com/id?1025028
ssvc Track http://www.securitytracker.com/id?1025028
cvssv3.1 7.5 http://www.vupen.com/english/advisories/2011/0284
ssvc Track http://www.vupen.com/english/advisories/2011/0284
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0539.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0539
0284 http://www.vupen.com/english/advisories/2011/0284
2 http://www.openwall.com/lists/oss-security/2011/02/04/2
43181 http://secunia.com/advisories/43181
44269 http://secunia.com/advisories/44269
46155 http://www.securityfocus.com/bid/46155
65163 https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
675254 https://bugzilla.redhat.com/show_bug.cgi?id=675254
Document.jsp?objectID=c02794777 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
id?1025028 http://www.securitytracker.com/id?1025028
index?page=content&id=JSA10673 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
legacy-cert.adv http://www.openssh.com/txt/legacy-cert.adv
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://secunia.com/advisories/43181
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://secunia.com/advisories/43181
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://secunia.com/advisories/44269
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://secunia.com/advisories/44269
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openssh.com/txt/legacy-cert.adv
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://www.openssh.com/txt/legacy-cert.adv
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2011/02/04/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://www.openwall.com/lists/oss-security/2011/02/04/2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/46155
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://www.securityfocus.com/bid/46155
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securitytracker.com/id?1025028
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://www.securitytracker.com/id?1025028
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.vupen.com/english/advisories/2011/0284
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:34:38Z/ Found at http://www.vupen.com/english/advisories/2011/0284
Exploit Prediction Scoring System (EPSS)
Percentile 0.84323
EPSS Score 0.02075
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:32:00.758331+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2011/0xxx/CVE-2011-0539.json 38.6.0