CVE-2025-70956

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-70956

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70956.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-70956

Published

2026-02-13T22:16:10.290Z

Modified

2026-02-20T06:33:18.917860Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::runchildvm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.

References

Affected packages

Git / github.com/ton-blockchain/ton

Affected ranges

Type: GIT
Repo: https://github.com/ton-blockchain/ton
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1835d84602bbaaa1593270d7ab3bb0b499920416

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cee4c674ea999fecc072968677a34a7545ac9c4d

Affected versions

func-0.*

func-0.0.99

func-0.1.0

func-0.2.0

func-0.3.0

func-0.4.0

func-0.4.1

func-0.4.2

func-0.4.3

func-0.4.4

func-0.4.5

func-0.4.6

Other

newton-end

newton-start

perfomance-test

tolk-0.*

tolk-0.10

tolk-0.8

tolk-0.9

tolk0.*

tolk0.7

v2022.*

v2022.05

v2022.06

v2022.08

v2022.09

v2022.10

v2022.12

v2023.*

v2023.01

v2023.03

v2023.04

v2023.05

v2023.06

v2023.10

v2023.11

v2023.12

v2024.*

v2024.01

v2024.02

v2024.03

v2024.04

v2024.06

v2024.08

v2024.09

v2024.10

v2024.12-1

v2024.12-alpha

v2025.*

v2025.02

v2025.03

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70956.json"

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "29324889744851572738815809274921750128",
            "length": 1112.0
        },
        "source": "https://github.com/ton-blockchain/ton/commit/1835d84602bbaaa1593270d7ab3bb0b499920416",
        "signature_type": "Function",
        "id": "CVE-2025-70956-6d1fc490",
        "target": {
            "file": "crypto/vm/vm.cpp",
            "function": "VmState::run_child_vm"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "53894155880948149276052901331365173357",
                "79104320538571693451214850926176828564",
                "307083205793735348047708172252774912473",
                "231488853471609936760833955600202851377"
            ]
        },
        "source": "https://github.com/ton-blockchain/ton/commit/1835d84602bbaaa1593270d7ab3bb0b499920416",
        "signature_type": "Line",
        "id": "CVE-2025-70956-8d510ee1",
        "target": {
            "file": "crypto/vm/vm.cpp"
        }
    }
]