7.5
TON Lite Server crashes if given certain input
CVE-2025-70957
Summary
A bug in the TON Lite Server before version 2024.09 can cause it to use up all its processing power, making it unavailable to legitimate users. This can happen when the server is given specially constructed arguments for a get method, which it does not handle correctly. To stay safe, update to version 2024.09 or later.
Original title
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get metho...
Original description
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
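The description says a Continuation is an internal TVM type that should not arrive through external get-method arguments. The following added example (not code from the TON project, and not a statement of how v2024.09 fixes the issue) shows a boundary check that refuses such arguments, including ones nested inside tuples, before the VM runs. `Kind`, `Entry`, `reject_reason` and both limits are hypothetical names and values chosen for the illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Simplified model of one decoded get-method argument (hypothetical types,
// not the TON code base's own classes).
enum class Kind { Null, Int, Cell, Slice, Builder, Tuple, Continuation };
struct Entry {
  Kind kind;
  std::vector<Entry> items;  // used only when kind == Kind::Tuple
};

// Limits are assumptions chosen for this example.
constexpr std::size_t kMaxDepth = 8;
constexpr std::size_t kMaxEntries = 1024;

// Returns an empty string when every argument is plain data, otherwise the
// reason the request should be refused before any VM execution.
std::string reject_reason(const std::vector<Entry>& args) {
  // Explicit work list instead of recursion, so deeply nested tuples cannot
  // exhaust the validator's own call stack.
  std::vector<std::pair<const Entry*, std::size_t>> work;
  for (const Entry& e : args) work.emplace_back(&e, std::size_t{0});
  std::size_t seen = 0;
  while (!work.empty()) {
    const Entry* entry = work.back().first;
    const std::size_t depth = work.back().second;
    work.pop_back();
    if (++seen > kMaxEntries) return "too many entries";
    if (entry->kind == Kind::Continuation) return "continuation in external arguments";
    if (entry->kind != Kind::Tuple) continue;
    if (depth + 1 > kMaxDepth) return "tuple nesting too deep";
    for (const Entry& child : entry->items) work.emplace_back(&child, depth + 1);
  }
  return "";
}

int main() {
  // Constructed sample: a continuation hidden inside a tuple argument.
  Entry tuple{Kind::Tuple, {}};
  tuple.items.push_back(Entry{Kind::Int, {}});
  tuple.items.push_back(Entry{Kind::Continuation, {}});
  std::vector<Entry> args;
  args.push_back(tuple);
  std::cout << "verdict: " << reject_reason(args) << "\n";
  return 0;
}
```

A check like this complements, rather than replaces, per-request CPU time limits on get-method execution, since the description notes that virtual gas understated the real CPU cost.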
nvd CVSS3.1
7.5
Vulnerability type
CWE-674
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026