TON Virtual Machine crashes due to unexpected smart contract execution

CVE-2025-70955
Summary

A weakness in the way the TON Virtual Machine handles certain smart contract instructions can exhaust the stack space of the host process, crashing the validator node and disrupting the TON blockchain network. Malicious contracts can trigger this even within normal gas limits. To protect your network, update to TON Virtual Machine version 2024.10 or later.

Original title
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, whi...
Original description
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-674
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026