diff --git a/CVE-2024-21506.patch b/CVE-2024-21506.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c7b013f2227b672ca8f555a20d9bbb70a1ed78d
--- /dev/null
+++ b/CVE-2024-21506.patch
@@ -0,0 +1,36 @@
+diff -Nurw mongo-python-driver-4.2.0/bson/_cbsonmodule.c mongo-python-driver-4.2.0_new/bson/_cbsonmodule.c
+--- mongo-python-driver-4.2.0/bson/_cbsonmodule.c 2022-07-20 23:33:41.000000000 +0800
++++ mongo-python-driver-4.2.0_new/bson/_cbsonmodule.c 2024-04-07 16:07:39.000417143 +0800
+@@ -2057,6 +2057,7 @@
+ uint32_t c_w_s_size;
+ uint32_t code_size;
+ uint32_t scope_size;
++ uint32_t len;
+ PyObject* code;
+ PyObject* scope;
+ PyObject* code_type;
+@@ -2076,7 +2077,8 @@
+ memcpy(&code_size, buffer + *position, 4);
+ code_size = BSON_UINT32_FROM_LE(code_size);
+ /* code_w_scope length + code length + code + scope length */
+- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) {
++ len = 4 + 4 + code_size + 4;
++ if (!code_size || max < code_size || max < len || len < code_size) {
+ goto invalid;
+ }
+ *position += 4;
+@@ -2094,12 +2096,9 @@
+ 
+ memcpy(&scope_size, buffer + *position, 4);
+ scope_size = BSON_UINT32_FROM_LE(scope_size);
+- if (scope_size < BSON_MIN_SIZE) {
+- Py_DECREF(code);
+- goto invalid;
+- }
+ /* code length + code + scope length + scope */
+- if ((4 + code_size + 4 + scope_size) != c_w_s_size) {
++ len = 4 + 4 + code_size + scope_size;
++ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) {
+ Py_DECREF(code);
+ goto invalid;
+ }
diff --git a/python-pymongo.spec b/python-pymongo.spec
index d65536221432fafc526d091f77262f7deb2e1179..985857a91c75456a60822418a9cbc5385cd4434a 100644
--- a/python-pymongo.spec
+++ b/python-pymongo.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global bootstrap 0
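Review bot: The two new wraparound guards, `len < code_size` in the `@@ -2076` hunk and `len < scope_size` in the `@@ -2094` hunk, are the actual fix but carry no comment, so a reader will not see why a sum could ever be smaller than one of its addends; I would put `/* len < code_size means the uint32 addition wrapped around */` above the first check and the matching line above the second. The second guard is only sufficient because the first has already established that `4 + 4 + code_size + 4` did not wrap, so `code_size + 8` alone cannot exceed UINT32_MAX; that ordering dependency deserves a sentence in the comment, because swapping the two checks would silently weaken it. The type of `max` is not visible in the hunk; if it is a signed type, `max < len` and `max < code_size` are signed/unsigned comparisons and are worth confirming once. The enclosing function starts before and ends after this hunk.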
@@ -12,6 +12,8 @@
 Summary: Python driver for MongoDB
 URL: https://pymongo.readthedocs.io/en/stable/
 Source0: https://github.com/mongodb/mongo-python-driver/archive/refs/tags/%{version}.tar.gz
+Patch: CVE-2024-21506.patch
+
 BuildRequires: gcc
 BuildRequires: make
 %if 0%{!?bootstrap:1}
@@ -111,5 +113,8 @@
 chmod 755 %{buildroot}%{python3_sitearch}/pymongo/*.so
 %changelog
+* Sun Apr 07 2024 mgb01105731 - 4.2.0-2
+- CVE-2024-21506
+
 * Mon May 15 2023 Funda Wang - 4.2.0-1
 - Import package for anolis 23
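Review bot: The `Patch: CVE-2024-21506.patch` tag in the `@@ -12,6 +12,8 @@` hunk only declares the patch; whether `%prep` applies it (`%autosetup -p1` or an explicit `%patch`) is outside this diff, and a declared-but-unapplied patch builds without error while leaving the CVE unfixed. The inner patch is rooted at `mongo-python-driver-4.2.0/bson/...`, so it needs strip level 1 when applied. Worth confirming against the `%prep` section of the spec, and a comment above the tag such as `# CVE-2024-21506: bounds checks for code_w_scope in bson/_cbsonmodule.c` would tell the next maintainer what the patch covers without opening it.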