← Zuruck zu CVEs

CVE-2025-70954

HIGH

7.5

Beschreibung

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht2/13/2026

Zuletzt geandert2/18/2026

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-476

Referenzen

https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226(cve@mitre.org)

https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c3711103841b799(cve@mitre.org)

https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20wy666444%2C%20Robinlzw%2C%20Lucian-code233(cve@mitre.org)

https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg(cve@mitre.org)

https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.