diff --git a/backport-CVE-2021-32762.patch b/backport-CVE-2021-32762.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d0badd2247661fbb64728b208d9a01f7f24d6b1b
--- /dev/null
+++ b/backport-CVE-2021-32762.patch
@@ -0,0 +1,62 @@
+From 0215324a66af949be39b34be2d55143232c1cb71 Mon Sep 17 00:00:00 2001
+From: Oran Agra
+Date: Mon, 4 Oct 2021 12:10:17 +0300
+Subject: [PATCH] Fix redis-cli / redis-sential overflow on some platforms
+ (CVE-2021-32762) (#9587)
+
+The redis-cli command line tool and redis-sentinel service may be vulnerable
+to integer overflow when parsing specially crafted large multi-bulk network
+replies. This is a result of a vulnerability in the underlying hiredis
+library which does not perform an overflow check before calling the calloc()
+heap allocation function.
+
+This issue only impacts systems with heap allocators that do not perform their
+own overflow checks. Most modern systems do and are therefore not likely to
+be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator
+which is also not vulnerable.
+
+Co-authored-by: Yossi Gottlieb
+
+Origin: https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71
+---
+ hiredis.c | 1 +
+ test.c | 14 ++++++++++++++
+ 2 files changed, 15 insertions(+)
+
+diff --git a/hiredis.c b/hiredis.c
+index 51f22a66524..990f619605c 100644
+--- a/hiredis.c
++++ b/hiredis.c
+@@ -174,6 +174,7 @@ static void *createArrayObject(const redisReadTask *task, size_t elements) {
+ return NULL;
+
+ if (elements > 0) {
++ if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */
+ r->element = hi_calloc(elements,sizeof(redisReply*));
+ if (r->element == NULL) {
+ freeReplyObject(r);
+diff --git a/test.c b/test.c
+index 82953673926..bdff74e88bb 100644
+--- a/test.c
++++ b/test.c
+@@ -498,6 +498,20 @@ static void test_reply_reader(void) {
+ freeReplyObject(reply);
+ redisReaderFree(reader);
+
++ test("Multi-bulk never overflows regardless of maxelements: ");
++ size_t bad_mbulk_len = (SIZE_MAX / sizeof(void *)) + 3;
++ char bad_mbulk_reply[100];
++ snprintf(bad_mbulk_reply, sizeof(bad_mbulk_reply), "*%llu\r\n+asdf\r\n",
++ (unsigned long long) bad_mbulk_len);
++
++ reader = 
redisReaderCreate();
++ reader->maxelements = 0; /* Don't rely on default limit */
++ redisReaderFeed(reader, bad_mbulk_reply, strlen(bad_mbulk_reply));
++ ret = redisReaderGetReply(reader,&reply);
++ test_cond(ret == REDIS_ERR && strcasecmp(reader->errstr, "Out of memory") == 0);
++ freeReplyObject(reply);
++ redisReaderFree(reader);
++
+ #if LLONG_MAX > SIZE_MAX
+ test("Set error when array > SIZE_MAX: ");
+ reader = redisReaderCreate();
diff --git a/hiredis.spec b/hiredis.spec
index 4e450e26e7b96abe2d3eba070865677efdc1d668..29195b240b0b43bcb698feb8e1cb34ec524fc07c 100644
--- a/hiredis.spec
+++ b/hiredis.spec
@@ -1,10 +1,11 @@
Name: hiredis
Version: 1.2.0
-Release: 2
+Release: 3
Summary: A minimalistic C client library for the Redis database
License: BSD
URL: https://github.com/redis/hiredis
Source0: https://github.com/redis/hiredis/archive/refs/tags/v%{version}.tar.gz#/hiredis-1.2.0.tar.gz
+Patch3000: backport-CVE-2021-32762.patch
BuildRequires: gcc redis
@@ -66,6 +67,9 @@ make check || true
%{_libdir}/pkgconfig/hiredis.pc
%changelog
+* Mon Aug 26 2024 yaoxin - 1.2.0-3
+- Fix CVE-2021-32762
+
* Wed Aug 7 2024 zhangxingrong - 1.2.0-2 - Retry poll(2) if we are intterupted - Document poll(2) logic changes
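Review bot: The overflow guard the backported patch adds to createArrayObject, `if (SIZE_MAX / sizeof(redisReply*) < elements) return NULL; /* Don't overflow */`, returns without releasing the reply `r` that the function has already allocated at that point (the allocation is above the hunk, but the hi_calloc failure branch two lines below shows the expected cleanup by calling freeReplyObject(r) before returning), so the oversized-count path leaks one reply object per rejected reply; the guard should read `if (SIZE_MAX / sizeof(redisReply*) < elements) { freeReplyObject(r); return NULL; }`. Since the rejected count comes straight off the wire, a leak on this path is worth closing when carrying the patch rather than inheriting it verbatim. I also believe the standalone hiredis fix for the same bug (shipped in hiredis 1.0.1, and so presumably already in the 1.2.0 tarball this package builds) adds this identical line, so confirm that the hunk still applies cleanly instead of being rejected or producing a duplicate check. Both createArrayObject and test_reply_reader continue outside the hunk.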
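Review bot: Patch3000 is declared in the first hunk, but nothing in this diff applies it; if %prep uses `%autosetup -p1` it is picked up automatically, otherwise a `%patch -P 3000 -p1` line (or the older `%patch3000 -p1` spelling) is needed, and %prep is outside both hunks, so confirm which applies. The second hunk's header context, `make check || true`, means the regression test the backport adds to test.c can never fail the build, so a patch that was rejected or did not take effect would go unnoticed; consider dropping the `|| true` or at least inspecting the check log for the new "Multi-bulk never overflows" case in this build.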