diff --git a/0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch b/0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f646bb21d0fdac3df1fdcaefdc2c070c7f58e0c1
--- /dev/null
+++ b/0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch
@@ -0,0 +1,32 @@
+From e2c58d317e4f1b8cff2fc5221110544038ee7030 Mon Sep 17 00:00:00 2001
+From: jikai
+Date: Mon, 8 Jul 2024 12:32:59 +0000
+Subject: [PATCH 23/23] fix invalid args len set in execute_lxc_attach
+
+Signed-off-by: jikai
+---
+ src/lcrcontainer_execute.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/lcrcontainer_execute.c b/src/lcrcontainer_execute.c
+index 6c1f9fc..45f0203 100644
+--- a/src/lcrcontainer_execute.c
++++ b/src/lcrcontainer_execute.c
+@@ -840,7 +840,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
+ exit(EXIT_FAILURE);
+ }
+
+- args_len = args_len + request->args_len + request->env_len;
++ if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2
++ || args_len + request->args_len > SIZE_MAX - request->env_len * 2) {
++ COMMAND_ERROR("Too many arguments");
++ exit(EXIT_FAILURE);
++ }
++
++ args_len = args_len + request->args_len + request->env_len * 2;
+
+ if (args_len > (SIZE_MAX / sizeof(char *))) {
+ exit(EXIT_FAILURE);
+--
+2.33.0
+
diff --git a/lcr.spec b/lcr.spec
index fc395f1668908d236e9ef1735d9dcd4d35cd18c2..9e159a415e332ca98d959b5eea1dd008e6b64724 100644
--- a/lcr.spec
+++ b/lcr.spec
@@ -1,5 +1,5 @@
 %global _version 2.0.9
-%global _release 10
+%global _release 11
 %global _inner_name isula_libutils
 Name: lcr
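Review bot: The `request->env_len * 2` factor in execute_lxc_attach (src/lcrcontainer_execute.c, carried in patch 0023) has no comment explaining it, and the code that fills the array sized from `args_len` lies outside this hunk, so nothing visible ties the count to the number of slots actually written. The old sum presumably undercounted and let the fill code write past the end of the allocation, so the reason should sit beside the arithmetic, for example `/* each env entry occupies two argv slots; keep in sync with the code that fills the array */`, once the wording is confirmed against that code. The overflow guard itself reads correctly, assuming all three operands are `size_t`. The unchanged check that follows, `if (args_len > (SIZE_MAX / sizeof(char *)))`, still exits without a message while the new guard logs "Too many arguments"; adding `COMMAND_ERROR("Too many arguments");` there would make both failures diagnosable.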
@@ -34,6 +34,7 @@ Patch0019: 0019-300-add-blkio-info-for-runtime-stats.patch Patch0020: 0020-drop-atomic-config-write-for-partial-file-does.patch Patch0021: 0021-remove-lcr-created-spec-only-if-create-failed.patch Patch0022: 0022-fix-bug-for-potential-config-seccomp-ocihook-write-e.patch +Patch0023: 0023-fix-invalid-args-len-set-in-execute_lxc_attach.patch %define lxcver_lower 4.0.3-2022102400 %define lxcver_upper 4.0.3-2022102500 @@ -117,6 +118,12 @@ rm -rf %{buildroot} %{_includedir}/%{_inner_name}/*.h %changelog +* Thu Oct 17 2024 wujichao - 2.0.9-11 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix invalid args len set in execute lxc attach + * Tue Jun 11 2024 jikai - 2.0.9-10 - Type:enhancement - CVE:NA