CVE-2025-70956

Source
https://cve.org/CVERecord?id=CVE-2025-70956
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70956.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-70956
Published
2026-02-13T22:16:10.290Z
Modified
2026-04-10T05:36:59.467369Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::runchildvm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
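
The ordering problem described above, as an added example that is not code from the TON repository or its fix: a toy model in which resources are moved out of the parent before a gas charge that can throw, next to an ordering where every throwing step runs before the moves. ToyVm, spawn_child_non_atomic, spawn_child_atomic and the setup cost are hypothetical names and constructed values.

```cpp
#include <cstdint>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Simplified model (assumption): this is NOT TON's VmState; all names are hypothetical.
struct OutOfGas : std::runtime_error { using std::runtime_error::runtime_error; };

struct ToyVm {
  std::vector<std::string> libraries;  // stands in for the library set
  std::string log;                     // stands in for the VM log
  int64_t gas;
  void consume(int64_t n) {            // charge gas, throw when exhausted
    if (n > gas) { gas = 0; throw OutOfGas("out of gas"); }
    gas -= n;
  }
};

constexpr int64_t kChildSetupCost = 100;  // constructed value

// Before: resources leave the parent, then a step that can throw runs.
ToyVm spawn_child_non_atomic(ToyVm& parent, int64_t child_gas) {
  ToyVm child{};
  child.libraries = std::exchange(parent.libraries, {});  // parent emptied here
  child.log = std::exchange(parent.log, {});
  parent.consume(kChildSetupCost);  // OOG here: parent stays emptied
  child.gas = child_gas;
  return child;
}

// After: throwing steps run first; the non-throwing moves are the commit point.
ToyVm spawn_child_atomic(ToyVm& parent, int64_t child_gas) {
  parent.consume(kChildSetupCost);  // may throw, parent resources untouched
  ToyVm child{};
  child.gas = child_gas;
  child.libraries = std::exchange(parent.libraries, {});
  child.log = std::exchange(parent.log, {});
  return child;
}

// Models gas isolation: the OOG is caught and the parent keeps running.
// Returns true if the parent still holds its resources afterwards.
bool parent_intact_after_oog(bool atomic) {
  ToyVm parent{{"libA", "libB"}, "parent-log", 10};  // too little gas for setup
  try {
    if (atomic) spawn_child_atomic(parent, 5); else spawn_child_non_atomic(parent, 5);
  } catch (const OutOfGas&) { /* isolated failure: parent continues */ }
  return parent.libraries.size() == 2 && parent.log == "parent-log";
}
```
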

References

Affected packages

Git / github.com/ton-blockchain/ton

Affected ranges

Type
GIT
Repo
https://github.com/ton-blockchain/ton
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "v2025.04"
        }
    ]
}

Affected versions

func-0.*
func-0.0.99
func-0.1.0
func-0.2.0
func-0.3.0
func-0.4.0
func-0.4.1
func-0.4.2
func-0.4.3
func-0.4.4
func-0.4.5
func-0.4.6
Other
newton-end
newton-start
perfomance-test
tolk-0.*
tolk-0.10
tolk-0.8
tolk-0.9
tolk0.*
tolk0.7
v2022.*
v2022.05
v2022.06
v2022.08
v2022.09
v2022.10
v2022.12
v2023.*
v2023.01
v2023.03
v2023.04
v2023.05
v2023.06
v2023.10
v2023.11
v2023.12
v2024.*
v2024.01
v2024.02
v2024.03
v2024.04
v2024.06
v2024.08
v2024.09
v2024.10
v2024.12-1
v2024.12-alpha
v2025.*
v2025.02
v2025.03

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70956.json"