4435 matches found
CVE-2025-70956
A State Pollution vulnerability was discovered in the TON Virtual Machine TVM before v2025.04. The issue exists in the RUNVM instruction logic VmState::runchildvm, which is responsible for initializing child virtual machines. The operation moves critical resources specifically libraries and log...
CVE-2025-70955
A Stack Overflow vulnerability was discovered in the TON Virtual Machine TVM before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
CVE-2024-21961
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability...
TON 安全漏洞
TON is a blockchain software developed under open source. Versions of TON prior to v2025.06 contained security vulnerabilities. These vulnerabilities stemmed from empty pointer dereferences in the TON Virtual Machine, which could allow attackers to cause verification nodes to crash through...
TON 安全漏洞
TON is a blockchain software developed under open source. Versions of TON prior to v2025.04 contained security vulnerabilities. These vulnerabilities stemmed from state pollution in the RUNVM instruction logic, which could lead to corruption of the parent virtual machine’s state...
CVE-2025-70955
The TON Virtual Machine (TVM) vulnerability CVE-2025-70955 affects TVM versions prior to 2024.10. Root cause: improper handling of vmstate and continuation jump instructions, allowing continuous dynamic tail calls. An attacker can craft a smart contract with deeply nested jump logic, leading to n...
CVE-2025-70956
A State Pollution vulnerability was discovered in the TON Virtual Machine TVM before v2025.04. The issue exists in the RUNVM instruction logic VmState::runchildvm, which is responsible for initializing child virtual machines. The operation moves critical resources specifically libraries and log...
CVE-2025-70956
A State Pollution vulnerability was discovered in the TON Virtual Machine TVM before v2025.04. The issue exists in the RUNVM instruction logic VmState::runchildvm, which is responsible for initializing child virtual machines. The operation moves critical resources specifically libraries and log...
CVE-2025-70955
A Stack Overflow vulnerability was discovered in the TON Virtual Machine TVM before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
PT-2026-8029
Name of the Vulnerable Software and Affected Versions TON Virtual Machine TVM versions prior to 2025.04 Description A state pollution issue exists in the TON Virtual Machine TVM due to non-atomic resource handling within the RUNVM instruction logic, specifically in the VmState::run child vm...
PT-2026-8035
Name of the Vulnerable Software and Affected Versions TON Blockchain versions prior to 2025.06 Description A flaw exists in the TON Virtual Machine TVM within the TON Blockchain. The issue resides in the execution logic of the INMSGPARAM instruction, where the program does not validate if a point...
PT-2026-8036
Name of the Vulnerable Software and Affected Versions TON Virtual Machine versions prior to 2024.10 Description A Stack Overflow issue exists in the TON Virtual Machine TVM. The root cause is the improper handling of vmstate and continuation jump instructions, leading to continuous dynamic tail...
CVE-2025-70957
A Denial of Service DoS vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object an internal TVM type that is normally...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
CVE-2025-70954
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine TVM within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a...
CVE-2025-70956
A State Pollution vulnerability was discovered in the TON Virtual Machine TVM before v2025.04. The issue exists in the RUNVM instruction logic VmState::runchildvm, which is responsible for initializing child virtual machines. The operation moves critical resources specifically libraries and log...
CVE-2025-70955
A Stack Overflow vulnerability was discovered in the TON Virtual Machine TVM before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract...
CVE-2025-70957
A Denial of Service DoS vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object an internal TVM type that is normally...