diff --git a/fix-CVE-2024-33427.patch b/fix-CVE-2024-33427.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f75800362dc0f966796b23b71397edbc1bb4a3ee
--- /dev/null
+++ b/fix-CVE-2024-33427.patch
@@ -0,0 +1,38 @@
+From b60b0293145c86bf94bda41ea539c347af4af3b4 Mon Sep 17 00:00:00 2001
+From: zhailiangliang <zhailiangliang@loongson.cn>
+Date: Fri, 29 Mar 2024 14:32:30 +0800
+Subject: [PATCH] Fix heap buffer overead in ConfigParser::UnQuote()
+
+---
+ CONTRIBUTORS        | 1 +
+ src/ConfigParser.cc | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/CONTRIBUTORS b/CONTRIBUTORS
+index 7cedd09..c94c673 100644
+--- a/CONTRIBUTORS
++++ b/CONTRIBUTORS
+@@ -294,6 +294,7 @@ Thank you!
+     Leeann Bent <lbent@cs.ucsd.edu>
+     Leonardo Taccari
+     Leonid Evdokimov <leon@darkk.net.ru>
++    Liangliang Zhai <zhailiangliang@loongson.cn>
+     libit <sambabug.lb@gmail.com>
+     Lubos Uhliarik <luhliari@redhat.com>
+     Luigi Gangitano <luigi@debian.org>
+diff --git a/src/ConfigParser.cc b/src/ConfigParser.cc
+index c65124e..0e405eb 100644
+--- a/src/ConfigParser.cc
++++ b/src/ConfigParser.cc
+@@ -181,7 +181,7 @@ ConfigParser::UnQuote(const char *token, const char **next)
+     *d = '\0';
+ 
+     // We are expecting a separator after quoted string, space or one of "()#"
+-    if (*(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1)) && !errorStr) {
++    if (!errorStr && *(s + 1) != '\0' && !strchr(w_space "()#", *(s + 1))) {
+         errorStr = "Expecting space after the end of quoted token";
+         errorPos = token;
+     }
+-- 
+2.23.0
+
diff --git a/squid.spec b/squid.spec
index d9b861586f71775f1e613f26e701796ec2f23431..328defb19a9c3b71cd78717697ef9800f727aa47 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  6.6
-Release:  2
+Release:  3
 Summary:  The Squid proxy caching server
 Epoch:    7
 License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@@ -23,6 +23,7 @@ Patch2:   squid-3.0.STABLE1-perlpath.patch
 Patch3:   backport-squid-6.1-symlink-lang-err.patch
 Patch4:   backport-squid-crash-half-closed.patch
 Patch5:   backport-CVE-2024-25111.patch
+Patch6:   fix-CVE-2024-33427.patch
 
 Requires: bash
 Requires: httpd-filesystem
@@ -245,6 +246,12 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Sun May 26 2024 xuchenchen <xuchenchen@kylinos.cn> - 7:6.6-3
+- Type:cves
+- ID:CVE-2024-33427
+- SUG:NA
+- DESC:fix CVE-2024-33427
+
 * Thu Mar 07 2024 xinghe <xinghe2@h-partners.com> - 7:6.6-2
 - Type:cves
 - ID:CVE-2024-25111