diff --git a/backport-CVE-2024-43167-CVE-2024-43168.patch b/backport-CVE-2024-43167-CVE-2024-43168.patch
new file mode 100644
index 0000000000000000000000000000000000000000..95d0f0ed3261305caf46f145fc4fc67670fe2fbf
--- /dev/null
+++ b/backport-CVE-2024-43167-CVE-2024-43168.patch
@@ -0,0 +1,60 @@
+From 9ffcad93b6452d1a7c1c13fa2bc23f46c47f2dc6 Mon Sep 17 00:00:00 2001
+From: wangxiaomeng <wangxiaomeng@kylinos.cn>
+Date: Tue, 13 Aug 2024 15:03:59 +0800
+Subject: [PATCH] backport CVE-2024-43167 CVE-2024-43168
+
+---
+ libunbound/libunbound.c | 7 +++++--
+ util/config_file.c      | 4 ++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/libunbound/libunbound.c b/libunbound/libunbound.c
+index 80a82bb..c52114d 100644
+--- a/libunbound/libunbound.c
++++ b/libunbound/libunbound.c
+@@ -976,7 +976,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 	if(!addr) {
+ 		/* disable fwd mode - the root stub should be first. */
+ 		if(ctx->env->cfg->forwards &&
+-			strcmp(ctx->env->cfg->forwards->name, ".") == 0) {
++			(ctx->env->cfg->forwards->name &&
++			strcmp(ctx->env->cfg->forwards->name, ".") == 0)) {
+ 			s = ctx->env->cfg->forwards;
+ 			ctx->env->cfg->forwards = s->next;
+ 			s->next = NULL;
+@@ -996,7 +997,8 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 	/* it parses, add root stub in front of list */
+ 	lock_basic_lock(&ctx->cfglock);
+ 	if(!ctx->env->cfg->forwards ||
+-		strcmp(ctx->env->cfg->forwards->name, ".") != 0) {
++		(ctx->env->cfg->forwards->name &&
++		strcmp(ctx->env->cfg->forwards->name, ".") != 0)) {
+ 		s = calloc(1, sizeof(*s));
+ 		if(!s) {
+ 			lock_basic_unlock(&ctx->cfglock);
+@@ -1014,6 +1016,7 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
+ 		ctx->env->cfg->forwards = s;
+ 	} else {
+ 		log_assert(ctx->env->cfg->forwards);
++		log_assert(ctx->env->cfg->forwards->name);
+ 		s = ctx->env->cfg->forwards;
+ 	}
+ 	dupl = strdup(addr);
+diff --git a/util/config_file.c b/util/config_file.c
+index 6d357c5..7d0124f 100644
+--- a/util/config_file.c
++++ b/util/config_file.c
+@@ -1745,6 +1745,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
+ #endif
+ 	if(!mid) {
+ 		int port = atoi(str);
++		if(port < 0) {
++			log_err("Prevent out-of-bounds access to array avail");
++			return 0;
++		}
+ 		if(port == 0 && strcmp(str, "0") != 0) {
+ 			log_err("cannot parse port number '%s'", str);
+ 			return 0;
+-- 
+2.43.0
+
diff --git a/unbound.spec b/unbound.spec
index 661747eb12db606a98bf99dbc3706a349fc496cb..2df40fec10e11ee98c4633205ba763ee45678232 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -2,7 +2,7 @@
 
 Name:          unbound
 Version:       1.17.1
-Release:       6
+Release:       7
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD-3-Clause
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -28,6 +28,7 @@ Patch4:        backport-pre-CVE-2024-33655-Downstream-DNS-Cookies-a-la-RFC7873-a
 Patch5:        backport-pre-CVE-2024-33655-Fix-possibly-unaligned-memory-access-in-parse_edns_options_from_query.patch
 Patch6:        backport-pre-CVE-2024-33655-Fix-out-of-bounds-read-in-parse_edns_options_from_query.patch
 Patch7:        backport-CVE-2024-33655.patch
+Patch8:        backport-CVE-2024-43167-CVE-2024-43168.patch
 
 BuildRequires: make flex swig pkgconfig systemd
 BuildRequires: libevent-devel expat-devel openssl-devel python3-devel
@@ -264,6 +265,12 @@ popd
 %{_mandir}/man*
 
 %changelog
+* Tue Aug 13 2024 tenglei <tenglei@kylinos.cn> - 1.17.1-7
+- Type:cves
+- CVE:CVE-2024-43167,CVE-2024-43168
+- SUG:NA
+- DESC:fix CVE-2024-43167,CVE-2024-43168
+
 * Mon Jun 24 2024 gaihuiying <eaglegai@163.com> - 1.17.1-6
 - Type:bugfix
 - CVE:NA