CVE-2025-70955
Stack Overflow in TON VM Causes Validator Node DoS
Publication date: 2026-02-13
Last updated on: 2026-02-18
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ton | virtual_machine | to v2024.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-674 | The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stack Overflow issue in the TON Virtual Machine (TVM) before version 2024.10. It occurs because the VM improperly handles vmstate and continuation jump instructions, which allow continuous dynamic tail calls. An attacker can exploit this by creating a smart contract with deeply nested jump logic. Even if the gas limits are respected, this nested execution exhausts the stack space of the host process.
As a result, the validator node running the TVM crashes, causing a Denial of Service (DoS) for the TON blockchain network.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a Denial of Service (DoS) on the TON blockchain network. If exploited, it causes validator nodes to crash by exhausting their stack space.
This can disrupt the normal operation of the blockchain, potentially affecting transaction validation and network reliability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know