CVE-2025-70955
- Source
- https://cve.org/CVERecord?id=CVE-2025-70955
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70955.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-70955
- Published
- 2026-02-13T22:16:10.170Z
- Modified
- 2026-02-20T07:43:41.948983Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
- References
-
- https://gist.github.com/Lucian-code233/25b0a13be569db9160340d9ecd2fdf0d
- https://github.com/ton-blockchain/ton/releases/tag/v2024.10#:~:text=krigga%20%28emulator%29%2C-%2CArayz%2C-%40%20TonBit%20%28LS%20security
- https://mp.weixin.qq.com/s/wy2ea6udkNZzIsp1K2LEOQ
- https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49#diff-17eca9db515992a081522236bf9bad767fac171044f7c00c20bf740f4206b3de
Affected packages
Git / github.com/ton-blockchain/ton
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ton-blockchain/ton
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
func-0.*
func-0.0.99
func-0.1.0
func-0.2.0
func-0.3.0
func-0.4.0
func-0.4.1
func-0.4.2
func-0.4.3
func-0.4.4
Other
newton-end
newton-start
perfomance-test
v2022.*
v2022.05
v2022.06
v2022.08
v2022.09
v2022.10
v2022.12
v2023.*
v2023.01
v2023.03
v2023.04
v2023.05
v2023.06
v2023.10
v2023.11
v2023.12
v2024.*
v2024.01
v2024.02
v2024.03
v2024.04
v2024.06
v2024.08
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70955.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"88913006882515314413760516192394449810",
"238874737493550236180622855258642238338",
"42752779269285155381873415356467429896",
"223394281905929991679618156935563049667"
]
},
"source": "https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49",
"signature_type": "Line",
"id": "CVE-2025-70955-08982075",
"target": {
"file": "crypto/vm/vm.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"263741126355815878033796893799420716656",
"23966730787323171584115399916474697604",
"6217848691370944847452511831159643619",
"189270584330791524969557140198469145078",
"266021005454598907060351269412431125997",
"273591805842213126874919759678775776454",
"315197321861631078348160034457349462496",
"244411286109110010642422991241056938060",
"266323037686684245206459817786707785380",
"50278518407596089143884116987092737993",
"309255596262260248383025738033992632001",
"20576406401530422058420636881731348946",
"177085225397558496583683394962495624432",
"7259832182734888592289799159281881927",
"203279631396898214195242857017051679767",
"39459832963799755354008841444491952593",
"182008395269949393955577992487080452849",
"226701661699790055074075698001158451655",
"188965129698394041975903758839806615555",
"25257999018254351654455582168511927906",
"177409387018820273634444389622113043055",
"55905254522650065375854054216611983576",
"208429072487719089378370566754690050641",
"306890407483821346398136043568472131288",
"222850170248021342407460540536512059728",
"69102762910235293606717689862030678234",
"50142253143403017353314524606294691698",
"156440951238937136859545637197989880941",
"131320168793129190102043537018931738570",
"114007757341136364897604889588402470519",
"153379481298968480175343029097891598901",
"237663165829497254933051396316399234343",
"1887854931927971833990054351230819870",
"3162608160882741891396060059134912119",
"211123278266554061335967185132513758861",
"174984054081791893136938578180956185630",
"287325186479510456840081635265719228414",
"278343704071815861974020385942165657826",
"208914714790704053159744790210135349847",
"32021363285335007396947054623379120602",
"215360364854185280772953387970811920473",
"57799323280313451631009928132057170637",
"61389343248441787127415334412655186084",
"299249497128312856502925816973236921124",
"219048532487295917393574795495116759619",
"252808458143609817564386150943189152727",
"26678518589135310264561052249914972449",
"316182622193116180894755532580251179928",
"23171249555085177268547618397513859823",
"282188579318036888003386251796429056498",
"324513877987549347105997164741621703306",
"333379979691419624287797251335393414225",
"224433140679484949663144396120326218723",
"274520287091204110780410492619684354413",
"161700374954010190685522711802880701221",
"198920178607194113120575145337576957097",
"139419450244911371399296928989193994496",
"20210812302331144766437875312001229452",
"240216176572684533694370915646186353307",
"177689238235777608481853217296048993023",
"17549287630264700722145342065046850516",
"156269350829971074499075341377319628228",
"68860937811626426384564084111982546250",
"257599626596799461203524722644319415111",
"115769735684514857291225022745395827528",
"146929922026198317929686257802076892248",
"288475032901339785606918774294780250582",
"76588096671635837831877978954565558332",
"282381055719339019808227018154743947814",
"246290580716806188299782843788786880373",
"298535884532990846490475840771352872268",
"273871571214315445613002740018228646973",
"256498016620855774166234680681008723638",
"127121965228716001319038819438560753736",
"113719313237285528535772485340669644038",
"141531266839269252215579531085879462736",
"330158028954500949792931746361916498353",
"304581345851717024299776412809181159683",
"181794309181945401495245899954575024822",
"124194825523741050737432184932165685084",
"177080010350167019744327566963201308895",
"65884804355626681152904305126609455728",
"312512997336666919873344996864475475543",
"244065275103685835521958087457055709037",
"147815107333279398587325676827930979513",
"23247491798410557824008935297281831647",
"204572197576297015832169986449161914204",
"255937003967489096467536396285677970436",
"290157535075928104575496678877883828884",
"11099812390002786418276993573136936876",
"168176273507736305070098064525441231622",
"283333662897715880678215890732390693859",
"69535925312790704596245511441035665525",
"104184785827783140920496982605295183865",
"216253225868367445163694640952731436011",
"85648889830180342539438755394429949621",
"300837294794852792969508136910832582273",
"166219694109549758862482776921940429635",
"311112898181154813402966094110626248426",
"277390886304794392000845135952009182082",
"10707678845595035594697303258351753916",
"215778969300003279015912458982279849938",
"196525039471831770915040480139892184433",
"238695617862490879222548753715867517877",
"251662746910812480820046365482483405783",
"79367133949009722938509734803191815302",
"129499058618291575871305944116986816583",
"226493294819396269796473402342981806692",
"200228568855914518873324957496373794616",
"37924180348402723284075152381376849297",
"84338762515838911472267557208445309968",
"254016567543583928316881533082439270646",
"215668956000626492229538311055380301010",
"36313111208920745406524823292382128372",
"146239601087069821782571915089991981188",
"153933434286453823618618631230415046389",
"128618564688841657449999782964747866486",
"125180216029971989531710733019957848956",
"297137646599364471714665168012966527320",
"269129551623269388275711502100969513261",
"39427030988177342564063190956300514047",
"249799526572723577236934319188129374189",
"227281323080710035415287775247675580975",
"254653360468569814540648264695894792028",
"12862822168146182691494452078334084566",
"121003270485380075487507150875007340900",
"238257454895226173905597292928518752729",
"7643394506652550816093987038430658682",
"322989195049810651004351247340452324236",
"163625711320599192451658679441093601657",
"3451904654094523557597877382390129229",
"281837223798907409503016233425481266633",
"195653448111943769906052074161447541278",
"310069404440635977445193749595062504326",
"245593787670247804413017960643927748205",
"64973687254208672655744625503409941436",
"124038432048328294258894251747260333874",
"163797200571677687315112080749739189784",
"175797058449349956513386364391723297539",
"326930223144790495222198481935335961160",
"238695617862490879222548753715867517877",
"253205761117349166451763836583636754805",
"200757811008620853791639467214732061935",
"285029843313559743402020678787622432738",
"272883188373923894754117764466665001722",
"145436391841492365152456164256835730114",
"210533225130631922738974534271037328375",
"334108580627692893279024348371875766900",
"220691348784577087818794323376043641526",
"104660145249444802624116713009390495892",
"181727803289980168352327575982499555051",
"48345432218342618076564087019875548575",
"262846911306920318403828480920366274175",
"181418181824078105943951277026545176293",
"54606186053066621912754167869404968700",
"153594088277603312419457739422861521231",
"169900319751446229198233858662760405218",
"282194811122035726851581396273830818645",
"230030581486703582098498901305776149718",
"113886765765570208153392969354412754954",
"241305439927986747038888293216910707947",
"275388391274142935622016991604736624592",
"222450855309448080756205863146682194884",
"120817329629362233032262447353850238217",
"38287475695286540218560255698076030376",
"158669305776745166685926354116089447929",
"191573228141765431969538313587184198828",
"140031959298950926762318567700739105682",
"113429755996268697470088070703684673425",
"51786778593561523564526329793007330734",
"220684662343211080661996549761114091442",
"212774301038058553232267629363463096754",
"144245858008663584651538151504024487373",
"266585037818415126681183899386795320204"
]
},
"source": "https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49",
"signature_type": "Line",
"id": "CVE-2025-70955-2d7874ea",
"target": {
"file": "crypto/vm/continuation.cpp"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"115136197968905115923050881796190776596",
"166850048054380409787902851239358321602",
"316647708227248475552577618477201357933",
"158910214973024157611971110770133876830",
"181977279245089510762556420586763960526",
"323226157291462792736803636130005751607",
"43424027902991918082665794063874004753",
"97536164085856529361754914631383536911",
"271595304103420388369544611826032817190",
"185191636237038279356413875037465689025",
"59740235583645115301992518157014387282",
"83714069431314079732631480816040980911",
"34549302515271487766813844160642809030",
"276632066059128758539335880397235506566",
"153756668599822286194976893497679493162",
"309189899563444724679820129244976907564",
"231644036935508635955381038952931602982",
"99537827197928077481140193399948055524",
"163197635925779496964347006853237682198",
"191767962573685046757707249060548670846",
"161803961386678287698920461876210976786",
"270846079743524613196725275268998377387",
"275425073296118843541106147295694345937",
"205860543249729847310232616321896606394",
"332453005497131883395783388906816767705",
"130872737893416934162176501366976896762",
"18970342196014067881521621075587263379",
"206516672602590160171304954128244284149",
"174168737513168616157380650707182489727",
"124318143425039348420164395628802030622",
"265536424472084094124171013911510373833",
"27609225202015761885481757237474373665",
"122847868275383679584704051183687297391",
"141769608234543410580970166174112900452",
"50585214820287063356634180918429652977",
"78860217074627516844811143385255808450",
"89837887076733931899794647119286442983",
"193903761883812598337891615210649027376",
"329827443726408707985259585682763525460",
"114077275136393170121509982539433215591",
"100645734968952875290591244509879200692",
"76763589405091975983633062930776962321",
"209451943102812602135460705760492085664",
"308189116305047317546561553104982674536",
"123430484517614144873449365158998940504",
"285101606773813575453993364716322938803",
"49491542480949833222674660453026638702",
"209451943102812602135460705760492085664",
"308189116305047317546561553104982674536"
]
},
"source": "https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49",
"signature_type": "Line",
"id": "CVE-2025-70955-9bd2214f",
"target": {
"file": "crypto/vm/continuation.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "323694722183037596589906690998782026484",
"length": 136.0
},
"source": "https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49",
"signature_type": "Function",
"id": "CVE-2025-70955-a96cc0e2",
"target": {
"file": "crypto/vm/vm.h",
"function": "jump_to"
}
}
]