Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TON 安全漏洞
Vulnerability Description
TON是TON开源的一个区块链软件。 TON v2024.09之前版本存在安全漏洞,该漏洞源于处理外部参数不当,可能导致攻击者通过特制Continuation对象造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A