diff --git a/CVE-2020-8277.patch b/CVE-2020-8277.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a2aa4b659596a1d828a735873a0c53ea9e02299f
--- /dev/null
+++ b/CVE-2020-8277.patch
@@ -0,0 +1,53 @@
+From 0d252eb3b2147179296a3bdb4ef97883c97c54d3 Mon Sep 17 00:00:00 2001
+From: bradh352 <brad@brad-house.com>
+Date: Thu, 12 Nov 2020 10:24:40 -0500
+Subject: [PATCH] ares_parse_{a,aaaa}_reply could return larger *naddrttls than
+ passed in
+
+If there are more ttls returned than the maximum provided by the requestor, then
+the *naddrttls response would be larger than the actual number of elements in
+the addrttls array.
+
+This bug could lead to invalid memory accesses in applications using c-ares.
+
+This behavior appeared to break with PR #257
+
+Fixes: #371
+Reported By: Momtchil Momtchev (@mmomtchev)
+Fix By: Brad House (@bradh352)
+---
+ ares_parse_a_reply.c    | 3 ++-
+ ares_parse_aaaa_reply.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/ares_parse_a_reply.c b/ares_parse_a_reply.c
+index d8a9e9b..e71c993 100644
+--- a/ares_parse_a_reply.c
++++ b/ares_parse_a_reply.c
+@@ -197,7 +197,8 @@ int ares_parse_a_reply(const unsigned char *abuf, int alen,
+ 
+   if (naddrttls)
+     {
+-      *naddrttls = naddrs;
++      /* Truncated to at most *naddrttls entries */
++      *naddrttls = (naddrs > *naddrttls)?*naddrttls:naddrs;
+     }
+ 
+   ares__freeaddrinfo_cnames(ai.cnames);
+diff --git a/ares_parse_aaaa_reply.c b/ares_parse_aaaa_reply.c
+index 0d39bfa..346d430 100644
+--- a/ares_parse_aaaa_reply.c
++++ b/ares_parse_aaaa_reply.c
+@@ -200,7 +200,8 @@ int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
+ 
+   if (naddrttls)
+     {
+-      *naddrttls = naddrs;
++      /* Truncated to at most *naddrttls entries */
++      *naddrttls = (naddrs > *naddrttls)?*naddrttls:naddrs;
+     }
+ 
+   ares__freeaddrinfo_cnames(ai.cnames);
+-- 
+1.8.3.1
+
diff --git a/c-ares.spec b/c-ares.spec
index 860029ad4983b7f0dd163571a06f8fbae7f134b1..ba47387927a7c06c60f0cd5a785acf292a605373 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,6 +1,6 @@
 Name:           c-ares
 Version:        1.16.1
-Release:        1
+Release:        2
 Summary:        A C library for asynchronous DNS requests
 
 License:        MIT
@@ -13,6 +13,7 @@ Patch0:         0000-Use-RPM-compiler-options.patch
 Patch1:         0001-Fix-invalid-read-in-ares_parse_soa_reply.patch
 Patch2:         0002-Fix-sizeof-sizeof-addr.saX-sizeof-addr.saX-in-readad.patch
 Patch3:         0003-Avoid-buffer-overflow-in-RC4-loop-comparison-336.patch
+Patch4:         CVE-2020-8277.patch
 %description
 This is c-ares, an asynchronous resolver library. It is intended for applications
 which need to perform DNS queries without blocking, or need to perform multiple
@@ -55,6 +56,9 @@ make %{?_smp_mflags}
 %{_mandir}/man3/*
 
 %changelog
+* Thu Mar 11 2021 openEuler Buildteam <buildteam@openeuler.org> - 1.16.1-2
+- fix CVE-2020-8277
+
 * Tue Aug 25 2020 gaihuiying <gaihuiying1@huawei.com> - 1.16.1-1
 - Type:requirement
 - ID:NA