diff --git a/CVE-2021-29478.patch b/CVE-2021-29478.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c7002c22036ce5877e819ac300f231b9e789159c
--- /dev/null
+++ b/CVE-2021-29478.patch
@@ -0,0 +1,35 @@
+From ef78ba0a7793a0b6be026ec77ef3c7e919efa08a Mon Sep 17 00:00:00 2001
+From: Oran Agra <oran@redislabs.com>
+Date: Mon, 3 May 2021 08:27:22 +0300
+Subject: [PATCH] Fix integer overflow in intset (CVE-2021-29478)
+
+An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and
+potentially result with remote code execution.
+
+The vulnerability involves changing the default set-max-intset-entries
+configuration value, creating a large set key that consists of integer values
+and using the COPY command to duplicate it.
+
+The integer overflow bug exists in all versions of Redis starting with 2.6,
+where it could result with a corrupted RDB or DUMP payload, but not exploited
+through COPY (which did not exist before 6.2).
+---
+ src/intset.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/intset.c b/src/intset.c
+index 198c90a..8d35536 100644
+--- a/src/intset.c
++++ b/src/intset.c
+@@ -278,7 +278,7 @@ uint32_t intsetLen(const intset *is) {
+ 
+ /* Return intset blob size in bytes. */
+ size_t intsetBlobLen(intset *is) {
+-    return sizeof(intset)+intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
++    return sizeof(intset)+(size_t)intrev32ifbe(is->length)*intrev32ifbe(is->encoding);
+ }
+ 
+ #ifdef REDIS_TEST
+-- 
+2.23.0
+
diff --git a/redis.spec b/redis.spec
index 591afa7154bfdb50b226c7a636792d08fdc811b0..1f86fce0419acc1cfdfe1c89e550c583fcb15b76 100644
--- a/redis.spec
+++ b/redis.spec
@@ -1,6 +1,6 @@
 Name:           redis
 Version:        4.0.11
-Release:        14
+Release:        15
 Summary:        A persistent key-value database
 License:        BSD and MIT
 URL:            https://redis.io
@@ -20,6 +20,7 @@ Patch0006:      CVE-2019-10193.patch
 Patch0007:      modify-aarch64-architecture-jemalloc-page-size-from-4k-to-64k.patch
 Patch0008:      CVE-2021-21309.patch
 Patch0009:      CVE-2021-3470.patch
+Patch0010:      CVE-2021-29478.patch
 
 BuildRequires:     systemd
 Requires:          /bin/awk
@@ -46,6 +47,7 @@ Redis is an advanced key-value store. It is often referred to as a dattructure s
 %endif
 %patch0008 -p1
 %patch0009 -p1
+%patch0010 -p1
 
 sed -i -e 's|^logfile .*$|logfile /var/log/redis/redis.log|g' redis.conf
 sed -i -e '$ alogfile /var/log/redis/sentinel.log' sentinel.conf
@@ -103,6 +105,9 @@ exit 0
 %{_unitdir}/%{name}-sentinel.service
 
 %changelog
+* Tue Jun 08 2021 wangyue <wangyue92@huawei.com> - 4.0.11-15
+- Fix CVE-2021-29478
+
 * Wed Apr 07 2021 wangyue <wangyue92@huawei.com> - 4.0.11-14
 - Fix CVE-2021-3470