diff --git a/backport-CVE-2024-57392.patch b/backport-CVE-2024-57392.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e387dbaa5ac57b5a6b998ee12a87d9a845d6e7b8
--- /dev/null
+++ b/backport-CVE-2024-57392.patch
@@ -0,0 +1,48 @@
+From 981a37916fdb7b73435c6d5cdb01428b2269427d Mon Sep 17 00:00:00 2001
+From: TJ Saunders
+Date: Sun, 9 Feb 2025 12:14:25 -0800
+Subject: [PATCH] Issue #1866: Some of the fuzzing tests submitted in the
+ advisory ran into existing null pointer dereferences (not buffer overflows);
+ let's correct them. (#1867)
+---
+ modules/mod_ls.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/modules/mod_ls.c b/modules/mod_ls.c
+index 5458ccc..3a9688c 100644
+--- a/modules/mod_ls.c
++++ b/modules/mod_ls.c
+@@ -2,7 +2,7 @@
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu
+- * Copyright (c) 2001-2022 The ProFTPD Project
++ * Copyright (c) 2001-2025 The ProFTPD Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -360,7 +360,8 @@ static int sendline(int flags, char *fmt, ...) {
+ errno != 0) {
+ int xerrno = errno;
+
+- if (session.d != NULL) {
++ if (session.d != NULL &&
++ session.d->outstrm != NULL) {
+ xerrno = PR_NETIO_ERRNO(session.d->outstrm);
+ }
+
+@@ -1101,7 +1102,9 @@ static int outputfiles(cmd_rec *cmd) {
+ return res;
+ }
+
+- tail->down = NULL;
++ if (tail != NULL) {
++ tail->down = NULL;
++ }
+ tail = NULL;
+ colwidth = (colwidth | 7) + 1;
+ if (opt_l || !opt_C) {
+--
+2.43.0
+
diff --git a/proftpd.spec b/proftpd.spec
index d0d5335177cf666e667db8e560da82e59325f30e..abb38b9507622649cfd421b33ba939264743c251 100644
--- a/proftpd.spec
+++ b/proftpd.spec
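Review bot: In the `outputfiles` hunk of backport-CVE-2024-57392.patch, the added `if (tail != NULL)` guard skips the one dereference but leaves no record of when `tail` can be NULL at that point. The function continues past the hunk, so the visible lines do not show whether the code after `colwidth` copes with that state. A comment on the guard would capture what the commit message says, for example `/* tail can be NULL here (fuzzing, Issue #1866); nothing to terminate */`, and the rest of the function should be checked for code that assumes a populated list. The `sendline` guard on `session.d->outstrm` has the same shape; there `xerrno` keeps the saved `errno`, which looks consistent from the lines shown.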
@@ -20,7 +20,7 @@
 Name: proftpd
 Version: 1.3.8b
-Release: 6
+Release: 7
 Summary: Flexible, stable and highly-configurable FTP server
 License: GPLv2+
 URL: http://www.proftpd.org/
@@ -45,6 +45,7 @@ Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch
 Patch7: proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch
 Patch8: huawei-proftpd-service-add-restart.patch
 Patch9: backport-CVE-2024-48651.patch
+Patch10: backport-CVE-2024-57392.patch
 BuildRequires: coreutils
 BuildRequires: gcc
@@ -252,6 +253,7 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \
 %patch 7 -p1
 %patch 8 -p1
 %patch 9 -p1
+%patch 10 -p1
 # Avoid docfile dependencies
 chmod -c -x contrib/xferstats.holger-preiss
@@ -537,6 +539,9 @@ fi
 %{_mandir}/man1/ftpwho.1*
 %changelog
+* Sun Apr 20 2025 zhangliangpengkun - 1.3.8b-7
+- DESC:Fix CVE-2024-57392
+
 * Tue Dec 03 2024 shenzhongwei - 1.3.8b-6
 - Type:bugfix
 - ID:NA