Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand $ macros, which causes the server to expand the macros and leak the information, as demonstrated using say $rcon_password.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Quake_2i_server | Id_software | 3.20 (including) | 3.20 (including) |
| Quake_2i_server | Id_software | 3.21 (including) | 3.21 (including) |