Vulnerability Description
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gist.github.com/Lucian-code233/25b0a13be569db9160340d9ecd2fdf0d
- https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11c
- https://github.com/ton-blockchain/ton/releases/tag/v2024.10#:~:text=krigga%20%28
- https://mp.weixin.qq.com/s/wy2ea6udkNZzIsp1K2LEOQ
FAQ
What is CVE-2025-70955?
CVE-2025-70955 is a vulnerability with a CVSS score of 7.5 (HIGH). A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which ...
How severe is CVE-2025-70955?
CVE-2025-70955 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-70955?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.