TON Blockchain Null Pointer Dereference Vulnerability in Virtual Machine
Vulnerability
A null pointer dereference vulnerability has been identified in the TON Virtual Machine (TVM) within the TON Blockchain, affecting all versions prior to v2025.06. The vulnerability arises in the execution logic of the 'INMSGPARAM' instruction, where the program does not properly validate whether a pointer is null before accessing it. This oversight allows an attacker to send a malicious transaction or smart contract that triggers the null pointer dereference, causing the validator node process to crash with a segmentation fault. As a result, this vulnerability leads to a denial-of-service condition that impacts the availability of the entire blockchain network.
Impact
Exploitation of this vulnerability causes the validator node process to crash, leading to a segmentation fault. This disruption creates a denial-of-service condition that affects the availability of the entire TON Blockchain network.
Remediation
Users can upgrade to TON Blockchain version v2025.06 or later, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.