CVE-2020-36964
Executive summary
A critical denial of service vulnerability exists in YATinyWinFTP, identified as CVE-2020-36964. An unauthenticated attacker can remotely exploit this flaw by sending a specially crafted command, causing a buffer overflow that crashes the FTP service. This can lead to a complete denial of service, disrupting all file transfer operations and dependent business processes.
Vulnerability
This vulnerability is a buffer overflow that occurs when the YATinyWinFTP service processes a malformed command. A remote, unauthenticated attacker can connect to the FTP server and send a 272-byte buffer that includes a trailing space. The application fails to properly validate the input length, leading to a buffer overflow condition that overwrites adjacent memory, causing the service to crash and resulting in a denial of service.
Business impact
This vulnerability is rated as critical with a CVSS score of 9.8, indicating a severe risk to the organization. Successful exploitation allows any remote attacker to repeatedly crash the FTP service, making it unavailable for legitimate users and disrupting critical file transfer workflows. The high CVSS score suggests that while the immediate described impact is denial of service, the underlying buffer overflow could potentially be leveraged by a skilled attacker to achieve arbitrary code execution, which would lead to a complete compromise of the affected server.
Remediation
Immediate Action: Update YATinyWinFTP to the latest version provided by the vendor to patch this vulnerability. After patching, monitor for further exploitation attempts and review historical FTP access logs for indicators of compromise related to this flaw, such as unusually long commands followed by service crashes.
Proactive Monitoring: Implement monitoring on the affected FTP server to detect and alert on signs of exploitation. Specifically, monitor for repeated or unexpected service crashes and restarts. Network monitoring should be configured to flag incoming FTP commands that are unusually long or match the specific 272-byte pattern associated with this exploit.
Compensating Controls: If patching cannot be immediately applied, restrict network access to the FTP service to only trusted IP addresses using a firewall. Consider deploying an Intrusion Prevention System (IPS) with signatures capable of detecting and blocking FTP-based buffer overflow attacks. If the FTP service is not essential, consider disabling it entirely until it can be patched.
Exploitation status
Public Exploit Available: true
Analyst recommendation
Given the critical severity (CVSS 9.8) and the availability of a simple public exploit, this vulnerability requires immediate attention. We strongly recommend that organizations identify all instances of YATinyWinFTP in their environment and apply the vendor-supplied patch without delay. Although this vulnerability is not currently on the CISA KEV list, its potential for significant business disruption warrants treating it with the highest priority.