CVE-2025-70955
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
Vendor
-
Product
-
CWE
Yayın Tarihi
2026-02-13 22:16:10
Güncelleme
2026-02-18 17:52:44
Source Identifier
cve@mitre.org
KEV Date Added
-
Kategoriler
Referanslar
https://gist.github.com/Lucian-code233/25b0a13be569db9160340d9ecd2fdf0d
https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49#diff-17eca9db515992a081522236bf9bad767fac171044f7c00c20bf740f4206b3de
https://github.com/ton-blockchain/ton/releases/tag/v2024.10#:~:text=krigga%20%28emulator%29%2C-%2CArayz%2C-%40%20TonBit%20%28LS%20security
https://mp.weixin.qq.com/s/wy2ea6udkNZzIsp1K2LEOQ