diff --git a/backport-CVE-2024-31755.patch b/backport-CVE-2024-31755.patch
new file mode 100644
index 0000000000000000000000000000000000000000..608d07173ba721ad0e8aa587cdc622484393aa34
--- /dev/null
+++ b/backport-CVE-2024-31755.patch
@@ -0,0 +1,12 @@
+diff -Naur cJSON-1.7.15/cJSON.c cJSON-1.7.15_cve/cJSON.c
+--- cJSON-1.7.15/cJSON.c	2024-04-26 14:02:46.912066268 +0800
++++ cJSON-1.7.15_cve/cJSON.c	2024-04-26 14:04:07.538061462 +0800
+@@ -406,7 +406,7 @@
+         return NULL;
+     }
+     /* return NULL if the object is corrupted */
+-    if (object->valuestring == NULL)
++    if (object->valuestring == NULL || valuestring == NULL)
+     {
+         return NULL;
+     }
diff --git a/cjson.spec b/cjson.spec
index ad07f22eea9287cf3b52f3b8551ab7ce744d51d9..c79ad5f648423731337f631c560e76049c59b1a6 100644
--- a/cjson.spec
+++ b/cjson.spec
@@ -1,6 +1,6 @@
 Name:           cjson
 Version:        1.7.15
-Release:        3
+Release:        4
 Summary:        Ultralightweight JSON parser in ANSI C
  
 License:        MIT and ASL 2.0
@@ -9,6 +9,7 @@ Source0:        https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta
  
 Patch0001:	backport-CVE-2023-50471_50472.patch
 Patch0002:	backport-fix-potential-memory-leak-in-merge_patch.patch
+Patch003:       backport-CVE-2024-31755.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake
@@ -53,6 +54,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/
 
 %changelog
+* Fri Apr 26 2024 yueyaoqiang <yueyaoqiang@kylinos.cn> - 1.7.15-4
+- fix CVE-2024-31755
+
 * Tue Mar 05 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-3
 - fix potential memory leak in merge_patch()