diff --git a/1007-fix-CVE-2024-4741.patch b/1007-fix-CVE-2024-4741.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a47b56762a4856344ad3eba5de04d4a1102923d6
--- /dev/null
+++ b/1007-fix-CVE-2024-4741.patch
@@ -0,0 +1,72 @@
+From b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d Mon Sep 17 00:00:00 2001
+From: Watson Ladd <watsonbladd@gmail.com>
+Date: Wed, 24 Apr 2024 11:26:56 +0100
+Subject: [PATCH] Only free the read buffers if we're not using them
+
+If we're part way through processing a record, or the application has
+not released all the records then we should not free our buffer because
+they are still needed.
+
+CVE-2024-4741
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24395)
+
+(cherry picked from commit 704f725b96aa373ee45ecfb23f6abfe8be8d9177)
+---
+ ssl/record/rec_layer_s3.c | 9 +++++++++
+ ssl/record/record.h       | 1 +
+ ssl/ssl_lib.c             | 3 +++
+ 3 files changed, 13 insertions(+)
+
+diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
+index 4bcffcc41e..1569997bea 100644
+--- a/ssl/record/rec_layer_s3.c
++++ b/ssl/record/rec_layer_s3.c
+@@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+     return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+ }
+ 
++int RECORD_LAYER_data_present(const RECORD_LAYER *rl)
++{
++    if (rl->rstate == SSL_ST_READ_BODY)
++        return 1;
++    if (RECORD_LAYER_processed_read_pending(rl))
++        return 1;
++    return 0;
++}
++
+ /* Checks if we have decrypted unread record data pending */
+ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+ {
+diff --git a/ssl/record/record.h b/ssl/record/record.h
+index 234656bf93..b60f71c8cb 100644
+--- a/ssl/record/record.h
++++ b/ssl/record/record.h
+@@ -205,6 +205,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl);
+ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+ int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+ int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
++int RECORD_LAYER_data_present(const RECORD_LAYER *rl);
+ void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+ void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+ int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index eed649c6fd..d14c55ae55 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -5492,6 +5492,9 @@ int SSL_free_buffers(SSL *ssl)
+     if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+         return 0;
+ 
++    if (RECORD_LAYER_data_present(rl))
++        return 0;
++
+     RECORD_LAYER_release(rl);
+     return 1;
+ }
+-- 
+2.39.3
+
diff --git a/openssl.spec b/openssl.spec
index 486529cf31dea22838e29eb5dcd7ce99f815fb86..f993222df9188a6a568bc279330bdc4eb9162a5f 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,4 @@
-%define anolis_release 9 
+%define anolis_release 10 
 %global soversion 3
 
 %define srpmhash() %{lua:
@@ -109,6 +109,7 @@ Patch53: 1003-fix-CVE-2024-4603.patch
 Patch54: 1004-fix-CVE-2024-2511.patch
 Patch55: 1005-fix-CVE-2024-6119.patch
 Patch56: 1006-fix-CVE-2024-5535.patch
+Patch57: 1007-fix-CVE-2024-4741.patch
 
 BuildRequires:  gcc git coreutils perl-interpreter sed zlib-devel /usr/bin/cmp
 BuildRequires:  lksctp-tools-devel
@@ -310,6 +311,9 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di
 %doc NEWS.md README.md
 
 %changelog
+* Thu May 22 2025 Ali <shenzhongli@inspur.com> - 1:3.0.12-10
+- fix CVE-2024-4741
+
 * Mon May 19 2025 Ali <shenzhongli@inspur.com> - 1:3.0.12-9
 - fix CVE-2024-5535