diff --git a/CVE-2024-31755.patch b/CVE-2024-31755.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8c20a4c9b15bc4f7d01a5f9f12a755704b63f3c6
--- /dev/null
+++ b/CVE-2024-31755.patch
@@ -0,0 +1,47 @@
+From 00c76717b4315381a1878cca2f10d08544634bf2 Mon Sep 17 00:00:00 2001
+From: Alanscut
+Date: Mon, 29 Apr 2024 13:29:12 +0800
+Subject: [PATCH] CVE-2024-31755
+
+Fix NULL valuestring problem in cJSON_SetValuestring.
+This fixes #839 and CVE-2024-31755
+Related issue #845
+
+---
+ cJSON.c | 7 +++++++
+ tests/misc_tests.c | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/cJSON.c b/cJSON.c
+index 7543078..349ebbd 100644
+--- a/cJSON.c
++++ b/cJSON.c
+@@ -410,6 +410,13 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
+ {
+ return NULL;
+ }
++ /* NULL valuestring causes error with strlen and should be treated separately */
++ if (valuestring == NULL)
++ {
++ cJSON_free(object->valuestring);
++ object->valuestring = NULL;
++ return NULL;
++ }
+ if (strlen(valuestring) <= strlen(object->valuestring))
+ {
+ strcpy(object->valuestring, valuestring);
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 8031c0d..c11a823 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -445,6 +445,7 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
+ TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
+ TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test"));
+ TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test"));
++ TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));
+ cJSON_Minify(NULL);
+ /* skipped because it is only used via a macro that checks for NULL */
+ /* cJSON_SetNumberHelper(NULL, 0); */
+--
+2.27.0
+
diff --git a/cjson.spec b/cjson.spec
index ad07f22eea9287cf3b52f3b8551ab7ce744d51d9..5beedfc4a23b403ce4c9e6285106f1969ddf57d5 100644
--- a/cjson.spec
+++ b/cjson.spec
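Review bot: The new `valuestring == NULL` branch in cJSON_SetValuestring frees `object->valuestring` and stores NULL in it, which leaves a cJSON_String item with no string (apparently the same shape the test file passes as `corruptedString`) and returns the same NULL as the rejection paths, so a caller cannot tell a cleared value from a refused one. Any later reader that dereferences `item->valuestring` without a check would then meet the NULL this fix was meant to keep out of `strlen`; whether such readers exist is not visible from this hunk. Treating NULL as an invalid argument keeps the item intact: `if (valuestring == NULL) { return NULL; }`. If clearing is the intended contract, the comment should say so, and the added test should assert the item's state after the call, not only the return value. The function body starts and ends outside the hunk.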
@@ -1,6 +1,6 @@ Name: cjson Version: 1.7.15 -Release: 3 +Release: 4 Summary: Ultralightweight JSON parser in ANSI C License: MIT and ASL 2.0 @@ -9,6 +9,7 @@ Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta Patch0001: backport-CVE-2023-50471_50472.patch Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch +Patch0003: CVE-2024-31755.patch BuildRequires: gcc BuildRequires: cmake @@ -53,6 +54,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake %{_includedir}/cjson/ %changelog +* Fri Apr 26 2024 lvfei - 1.7.15-4 +- fix CVE-2024-31755 + * Tue Mar 05 2024 xiejing - 1.7.15-3 - fix potential memory leak in merge_patch()