diff --git a/backport-CVE-2022-39028.patch b/backport-CVE-2022-39028.patch
new file mode 100644
index 0000000000000000000000000000000000000000..10b7b3a0b16592f8bb5f46c4cdf654db5d0d5ba4
--- /dev/null
+++ b/backport-CVE-2022-39028.patch
@@ -0,0 +1,48 @@
+Description: Fix remote DoS vulnerability in inetutils-telnetd
+ This is caused by a crash by a NULL pointer dereference when sending the
+ byte sequences «0xff 0xf7» or «0xff 0xf8».
+Authors:
+ Pierre Kim (original patch),
+ Alexandre Torres (original patch),
+ Erik Auerswald (adapted patch),
+Reviewed-by: Erik Auerswald
+Origin: upstream
+Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
+Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
+Last-Update: 2022-08-28
+
+---
+ telnetd/state.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/telnetd/state.c b/telnetd/state.c
+index 0dc61a2..befc9d0 100644
+--- a/telnetd/state.c
++++ b/telnetd/state.c
+@@ -206,12 +206,20 @@ void telrcv(void) {
+ case EC:
+ case EL:
+ {
+- cc_t ch;
++ cc_t ch = (cc_t) (_POSIX_VDISABLE);
+ DIAG(TD_OPTIONS, printoption("td: recv IAC", c));
+ ptyflush(); /* half-hearted */
+ init_termbuf();
+- if (c == EC) ch = *slctab[SLC_EC].sptr;
+- else ch = *slctab[SLC_EL].sptr;
++ if (c == EC)
++ {
++ if (slctab[SLC_EC].sptr)
++ ch = *slctab[SLC_EC].sptr;
++ }
++ else
++ {
++ if (slctab[SLC_EL].sptr)
++ ch = *slctab[SLC_EL].sptr;
++ }
+ if (ch != (cc_t)(_POSIX_VDISABLE))
+ *pfrontp++ = (unsigned char)ch;
+ break;
+--
+2.33.0
+
diff --git a/telnet.spec b/telnet.spec
index 3021d7fb912ae5330109ea16497d8be18988179b..5b586500a497a804e76683baaf1a257ef709d50e 100644
--- a/telnet.spec
+++ b/telnet.spec
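Review bot: The header of the added patch describes a fix for inetutils-telnetd and is marked `Origin: upstream`, while telnet.spec builds netkit-telnet 0.17, so the header does not say which tree this `telnetd/state.c` hunk was actually written against. Extending the Description with a continuation line such as ` Backported to netkit-telnet 0.17; the referenced upstream fix targets inetutils.` would make the provenance checkable, assuming that is indeed where this adaptation comes from. The new NULL checks cover only the two `sptr` dereferences under `case EC:` / `case EL:`; whether any other code in this telnetd tree reads `*slctab[...].sptr` unguarded cannot be seen from the hunk and is worth confirming before the CVE is recorded as fixed. telrcv's body starts and ends outside the inner hunk.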
@@ -1,7 +1,7 @@ Name: telnet Epoch: 1 Version: 0.17 -Release: 78 +Release: 79 Summary: Client and Server programs for the Telnet communication protocol License: BSD Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html @@ -37,6 +37,7 @@ Patch0024: netkit-telnet-0.17-gcc7.patch Patch0025: netkit-telnet-0.17-manpage.patch Patch0026: netkit-telnet-0.17-telnetrc.patch Patch0027: CVE-2020-10188.patch +Patch0028: backport-CVE-2022-39028.patch BuildRequires: gcc-c++ ncurses-devel systemd Requires: systemd @@ -100,6 +101,12 @@ install -pm644 %{SOURCE3} %{buildroot}%{_unitdir}/telnet.socket %{_mandir}/man1/telnet.1* %changelog +* Mon Apr 01 2024 gaihuiying - 1:0.17-79 +- Type:cves +- CVE:CVE-2022-39028 +- SUG:NA +- DESC:fix CVE-2022-39028 + * Tue Dec 15 2020 xihaochen - 1:0.17-78 - Type:requirement - ID:NA
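Review bot: `Patch0028: backport-CVE-2022-39028.patch` is declared in the second hunk, but none of the three hunks touches `%prep`, so whether the patch is actually applied at build time is not visible here. If the spec applies patches through explicit per-patch `%patch` lines rather than `%autosetup` or `%autopatch`, the CVE-2022-39028 fix would be listed and mentioned in the changelog without reaching the built telnetd. Confirm the `%prep` section picks it up, adding a matching `%patch` line with the same strip level as the neighbouring patches if it does not.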