diff --git a/CVE-2021-3200.patch b/CVE-2021-3200.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ea17819725517d101b84d5671fbb56f1a9173a35
--- /dev/null
+++ b/CVE-2021-3200.patch
@@ -0,0 +1,63 @@
+From 0077ef29eb46d2e1df2f230fc95a1d9748d49dec Mon Sep 17 00:00:00 2001
+From: Michael Schroeder
+Date: Mon, 14 Dec 2020 11:12:00 +0100
+Subject: [PATCH] testcase_read: error out if repos are added or the system is
+ changed too late
+
+We must not add new solvables after the considered map was created, the solver
+was created, or jobs were added. We may not changed the system after jobs have
+been added.
+
+(Jobs may point inside the whatproviedes array, so we must not invalidate this
+area.)
+---
+ ext/testcase.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/ext/testcase.c b/ext/testcase.c
+index 0be7a213..8fb6d793 100644
+--- a/ext/testcase.c
++++ b/ext/testcase.c
+@@ -1991,6 +1991,7 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ Id *genid = 0;
+ int ngenid = 0;
+ Queue autoinstq;
++ int oldjobsize = job ? job->count : 0;
+
+ if (resultp)
+ *resultp = 0;
+@@ -2065,6 +2066,21 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ int prio, subprio;
+ const char *rdata;
+
++ if (pool->considered)
++ {
++ pool_error(pool, 0, "testcase_read: cannot add repos after packages were disabled");
++ continue;
++ }
++ if (solv)
++ {
++ pool_error(pool, 0, "testcase_read: cannot add repos after the solver was created");
++ continue;
++ }
++ if (job && job->count != oldjobsize)
++ {
++ pool_error(pool, 0, "testcase_read: cannot add repos after jobs have been created");
++ continue;
++ }
+ prepared = 0;
+ if (!poolflagsreset)
+ {
+@@ -2125,6 +2141,11 @@ testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **res
+ int i;
+
+ /* must set the disttype before the arch */
++ if (job && job->count != oldjobsize)
++ {
++ pool_error(pool, 0, "testcase_read: cannot change the system after jobs have been created");
++ continue;
++ }
+ prepared = 0;
+ if (strcmp(pieces[2], "*") != 0)
+ {
+
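Review bot: The four added guards in testcase_read only record a message with pool_error() and `continue`, so the rest of the testcase input is still parsed after a line that adds a repo or changes the system too late, although the subject says "error out". Whether the function's return value reflects the failure is not visible in these hunks, so callers may have to check the pool's error string themselves. I would say so next to the first guard, e.g. `/* jobs may point into the whatprovides array, so no solvables may be added now; the line is skipped and the error is left in the pool */`. In the last inner hunk the guard lands between `/* must set the disttype before the arch */` and the code that comment appears to describe; placing the guard above the comment keeps the two together. The diffstat lists only ext/testcase.c, so no regression testcase exercising the late-repo ordering accompanies the fix. testcase_read's body starts and ends outside these hunks.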
diff --git a/libsolv.spec b/libsolv.spec index ed341dea911b8622d07a0d4dcd18f1bcd91e2ea7..55f12de8a82da6d31906f62c580ab3bea84daceb 100644 --- a/libsolv.spec +++ b/libsolv.spec @@ -15,11 +15,14 @@ Name: libsolv Version: 0.7.14 -Release: 2 +Release: 3 Summary: Package dependency solver License: BSD URL: https://github.com/openSUSE/libsolv Source: https://github.com/openSUSE/libsolv/archive/%{version}/%{name}-%{version}.tar.gz + +Patch0: CVE-2021-3200.patch + BuildRequires: cmake gcc-c++ ninja-build pkgconfig(rpm) zlib-devel BuildRequires: libxml2-devel xz-devel bzip2-devel libzstd-devel Requires: %{_bindir}/find %{_bindir}/curl %{_bindir}/gpg2 %{name}-help @@ -186,6 +189,12 @@ Python 3 version. %{_mandir}/man3/%{name}*.3* %changelog +* Fri May 28 2021 gaihuiying - 0.7.14-3 +- Type:cves +- CVE:CVE-2021-3200 +- SUG:NA +- DESC:fix CVE-2021-3200 + * Mon Nov 09 2020 xihaochen - 0.7.14-2 - Type:requirement - CVE:NA
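Review bot: `Patch0: CVE-2021-3200.patch` is declared in the first hunk, but neither hunk touches %prep, so the fix is only compiled in if %prep already applies patches (for example through `%autosetup -p1`). With a plain `%setup` and no patch macro, the file would be shipped in the source package while the built library stays unpatched, even though the changelog records the CVE as fixed. %prep lies outside the visible hunks, so this needs checking against the full spec. If nothing applies the patch there, add `%patch0 -p1` after the setup macro.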