PT-2004-3488 · Id · Quake II Server

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-2597

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Quake II server versions prior to R1Q2

Description

The issue allows remote attackers to bypass IP-based access control rules by sending a userinfo string that contains an ip key/value pair and is long enough to cause a new key/value pair to be truncated. This truncation interferes with the server's ability to find the client's IP address.

Recommendations

For Quake II server versions prior to R1Q2, consider updating to version R1Q2 or later to resolve the issue. As a temporary workaround, consider restricting access to the server or implementing additional access control measures to minimize the risk of exploitation.
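
One way a server can record the client address without the truncation described above, as an added example (not code from Quake II, R1Q2 or this advisory). It assumes the backslash-delimited \key\value userinfo layout; find_pair, info_get, set_server_ip and INFO_MAX are hypothetical names, and the addresses are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

#define INFO_MAX 64 /* assumed small capacity so the sample inputs stay short */

/* Locate the first "\key\value" pair for key; returns the pair start or NULL.
   *val and *end receive the value's start and one-past-end. */
static char *find_pair(char *info, const char *key, char **val, char **end) {
    size_t klen = strlen(key);
    char *p = info;
    while (*p == '\\') {
        char *k = p + 1, *ke = strchr(k, '\\');
        if (!ke) return NULL;                  /* key with no value: stop */
        *val = ke + 1;
        *end = strchr(*val, '\\');
        if (!*end) *end = *val + strlen(*val);
        if ((size_t)(ke - k) == klen && memcmp(k, key, klen) == 0) return p;
        p = *end;
    }
    return NULL;
}

/* Copy key's value into out; 0 on success, -1 if absent or too long. */
int info_get(char *info, const char *key, char *out, size_t outsz) {
    char *v, *e;
    if (!find_pair(info, key, &v, &e) || (size_t)(e - v) >= outsz) return -1;
    memcpy(out, v, (size_t)(e - v));
    out[e - v] = '\0';
    return 0;
}

/* Store the socket-derived address under "ip".
   Returns 0 on success, -1 if the caller must refuse the connection. */
int set_server_ip(char *info, size_t cap, const char *ip) {
    char *p, *v, *e;
    if (info[0] && info[0] != '\\') return -1; /* not a well-formed info string */
    while ((p = find_pair(info, "ip", &v, &e)) != NULL)
        memmove(p, e, strlen(e) + 1);          /* drop every client-supplied ip */
    if (strlen(info) + strlen("\\ip\\") + strlen(ip) + 1 > cap)
        return -1;                             /* no room: reject, never truncate */
    strcat(strcat(info, "\\ip\\"), ip);
    return 0;
}

int main(void) { /* constructed input: client pre-sets its own ip key */
    char info[INFO_MAX] = "\\name\\p1\\ip\\10.0.0.1", seen[32];
    if (!set_server_ip(info, sizeof info, "203.0.113.7") && !info_get(info, "ip", seen, sizeof seen))
        printf("filter sees %s\n", seen);
    return 0;
}
```

The access-control check should read the address only through info_get after set_server_ip has returned 0, and treat any -1 as a refused connection.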


Related Identifiers

CVE-2004-2597

Affected Products

Quake II Server