diff --git a/CVE-2024-31449.patch b/CVE-2024-31449.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0613eebf1c97f8c9daea40382813fdeff8501926
--- /dev/null
+++ b/CVE-2024-31449.patch
@@ -0,0 +1,37 @@
+commit 1f7c148be2cbacf7d50aa461c58b871e87cc5ed9
+Author: Oran Agra <oran@redislabs.com>
+Date:   Wed Oct 2 19:54:06 2024 +0300
+
+    Fix lua bit.tohex (CVE-2024-31449)
+    
+    INT_MIN value must be explicitly checked, and cannot be negated.
+
+diff --git a/deps/lua/src/lua_bit.c b/deps/lua/src/lua_bit.c
+index 690df7d3c..a459ca98b 100644
+--- a/deps/lua/src/lua_bit.c
++++ b/deps/lua/src/lua_bit.c
+@@ -131,6 +131,7 @@ static int bit_tohex(lua_State *L)
+   const char *hexdigits = "0123456789abcdef";
+   char buf[8];
+   int i;
++  if (n == INT32_MIN) n = INT32_MIN+1;
+   if (n < 0) { n = -n; hexdigits = "0123456789ABCDEF"; }
+   if (n > 8) n = 8;
+   for (i = (int)n; --i >= 0; ) { buf[i] = hexdigits[b & 15]; b >>= 4; }
+diff --git a/tests/unit/scripting.tcl b/tests/unit/scripting.tcl
+index 2e3a936c4..2381927cd 100644
+--- a/tests/unit/scripting.tcl
++++ b/tests/unit/scripting.tcl
+@@ -528,6 +528,12 @@ start_server {tags {"scripting"}} {
+         set e
+     } {ERR*Attempt to modify a readonly table*}
+ 
++    test {lua bit.tohex bug} {
++        set res [r eval {return bit.tohex(65535, -2147483648)} 0]
++        r ping
++        set res
++    } {0000FFFF}
++
+     test {Test an example script DECR_IF_GT} {
+         set decr_if_gt {
+             local current
diff --git a/redis.spec b/redis.spec
index 3050066823602d642f60742c543b225c5e34d4a6..0a2366b30d6241f468bd68a5d0ad5ee3646d9749 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,6 +1,6 @@
 Name:           redis
 Version:        4.0.14
-Release:        6
+Release:        7
 Summary:        A persistent key-value database
 License:        BSD-3-Clause and MIT
 URL:            https://redis.io
@@ -22,6 +22,7 @@ Patch0010:      CVE-2021-32672.patch
 Patch0011:      CVE-2022-36021.patch
 Patch0012:      CVE-2023-28856.patch
 Patch0013:      CVE-2022-24834.patch
+Patch0014:      CVE-2024-31449.patch
 
 BuildRequires:     systemd gcc
 Requires:          /bin/awk
@@ -52,6 +53,7 @@ Redis is an advanced key-value store. It is often referred to as a dattructure s
 %patch0011 -p1
 %patch0012 -p1
 %patch0013 -p1
+%patch0014 -p1
 %ifarch loongarch64
 %_update_config_guess
 %_update_config_sub
@@ -113,6 +115,9 @@ exit 0
 %{_unitdir}/%{name}-sentinel.service
 
 %changelog
+* Tue Oct 08 2024 Yu Peng <yupeng@kylinos.cn> - 4.0.14-7
+- Fix CVE-2024-31449
+
 * Mon Jul 31 2023 wangkai <13474090681@163.com> - 4.0.14-6
 - Fix CVE-2022-24834