diff --git a/backport-Fix-potential-integer-overflow-in-parsednssl.patch b/backport-Fix-potential-integer-overflow-in-parsednssl.patch
new file mode 100644
index 0000000000000000000000000000000000000000..34538189d43aa01564b77aa70a60ee3a7daecd74
--- /dev/null
+++ b/backport-Fix-potential-integer-overflow-in-parsednssl.patch
@@ -0,0 +1,34 @@
+From fd9549c0fb0e1916ca553a1abbeebd48f608955d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20H=C3=A4rdeman?=
+Date: Sun, 11 Feb 2024 18:29:15 +0100
+Subject: [PATCH] Fix potential integer overflow in parsednssl()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+optlen is a uint8_t because the length field in the RA header is one octet
+(representing the length in units of 8 octets). Later optlen is multiplied by 8
+to represent the length in bytes, meaning that the variable can overflow.
+
+Signed-off-by: David Härdeman
+Signed-off-by: Rémi Denis-Courmont
+---
+ src/ndisc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ndisc.c b/src/ndisc.c
+index 1640794..b190b18 100644
+--- a/src/ndisc.c
++++ b/src/ndisc.c
+@@ -451,7 +451,7 @@ static int
+ parsednssl (const uint8_t *opt)
+ {
+ const uint8_t *base;
+- uint8_t optlen = opt[1];
++ uint16_t optlen = opt[1];
+ if (optlen < 2)
+ return -1;
+
+--
+2.34.1
+
diff --git a/ndisc6.spec b/ndisc6.spec
index 849cec2e213a55cb57b6d52ed2526bb22358add4..07ee8c50f95cb7da8bcdfc9a4b7a4090c7935764 100644
--- a/ndisc6.spec
+++ b/ndisc6.spec
@@ -1,6 +1,6 @@
 Name: ndisc6
 Version: 1.0.4
-Release: 7
+Release: 8
 Summary: IPv6 diagnostic tools
 License: GPLv2 or GPLv3
 URL: http://www.remlab.net/ndisc6
@@ -11,6 +11,7 @@ Patch1: bugfix-add-SO_BINDTODEVICE.patch
 Patch2: backport-rdnssd-remove-unused-parameter.patch
 Patch3: 0001-Update-AUTHORS.patch
 Patch4: 0001-Update-NEWS.patch
+Patch5: backport-Fix-potential-integer-overflow-in-parsednssl.patch
 BuildRequires: gcc perl-generators
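Review bot: In the embedded src/ndisc.c hunk, `uint16_t optlen = opt[1];` still takes its value straight from the option's length octet, and nothing visible here shows that the caller has checked the declared length against the bytes actually received. Widening removes the wrap described in the commit message (255 * 8 = 2040 fits in 16 bits), but it presumably also means the rest of parsednssl() now works with the full declared length instead of a truncated one, so that precondition is worth confirming and writing down. I would add a comment on the declaration such as `/* 16 bits on purpose: opt[1] counts 8-octet units and is scaled to bytes below; the caller must already have bounded it against the packet */`. parsednssl()'s body continues outside the hunk, so the later uses of optlen cannot be checked from here.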
@@ -50,6 +51,12 @@ It includes the follwing programs :
 %{_mandir}/man*
 %changelog
+* Tue Jan 7 2025 yinbin - 1.0.4-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC: backport-Fix-potential-integer-overflow-in-parsednssl.patch
+
 * Mon Jan 9 2023 caofei - 1.0.4-7
 - Type:bugfix
 - CVE:NA