diff --git a/backport-tool_getparam-clear-argument-only-when-needed.patch b/backport-tool_getparam-clear-argument-only-when-needed.patch
new file mode 100644
index 0000000000000000000000000000000000000000..611fb7de613131e6cd445be8280f94b1460e8af3
--- /dev/null
+++ b/backport-tool_getparam-clear-argument-only-when-needed.patch
@@ -0,0 +1,124 @@
+From da9494eef043aca89ebdb5e4e14fcceef52c98e7 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 15 Apr 2025 17:27:47 +0200
+Subject: [PATCH] tool_getparam: clear argument only when needed
+
+Test 699 verifies
+
+Reported-by: bsr13 on hackerone
+Closes #17112
+
+Conflict:tests/data/Makefile.am => tests/data/Makefile.inc
+%LOGDIR => log
+context adapt
+Reference:https://github.com/curl/curl/commit/da9494eef043aca89ebdb5e4e14fcceef52c98e7
+---
+ src/tool_getparam.c    |  6 +++--
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test699     | 57 ++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 62 insertions(+), 3 deletions(-)
+ create mode 100644 tests/data/test699
+
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index a55973a60..e64239e5f 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -1785,7 +1785,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+         nextarg = (char *)&parse[1]; /* this is the actual extra parameter */
+         singleopt = TRUE;   /* don't loop anymore after this */
+ #ifdef HAVE_WRITABLE_ARGV
+-        clearthis = &cleararg1[parse + 2 - flag];
++        if(cleararg1)
++          clearthis = &cleararg1[parse + 2 - flag];
+ #endif
+       }
+       else if(!nextarg)
+@@ -1794,7 +1795,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+         return PARAM_REQUIRES_PARAMETER;
+       else {
+ #ifdef HAVE_WRITABLE_ARGV
+-        clearthis = cleararg2;
++        if(cleararg2)
++          clearthis = cleararg2;
+ #endif
+         *usedarg = TRUE; /* mark it as used */
+       }
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 8d83f11ed..5936494fa 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -101,7 +101,7 @@ test654 test655 test656 test658 test659 test660 test661 test662 test663 \
+ test652 test653 test654 test655 test656 test658 test659 test660 test661 \
+ test662 test663 test664 test665 test666 test667 test668 test669 \
+ test670 test671 test672 test673 test674 test675 test676 test677 test678 \
+-\
++test699 \
+ test700 test701 test702 test703 test704 test705 test706 test707 test708 \
+ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
+ test718 test728 \
+diff --git a/tests/data/test699 b/tests/data/test699
+new file mode 100644
+index 000000000..4d1a2d9dd
+--- /dev/null
++++ b/tests/data/test699
+@@ -0,0 +1,57 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++--config
++</keywords>
++</info>
++
++#
++# Server-side
++<reply>
++<data crlf="yes">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Content-Type: text/html
++Funny-head: yesyes
++
++-foo-
++</data>
++</reply>
++
++#
++# Client-side
++<client>
++<server>
++http
++</server>
++<name>
++--config with single-letter options plus one that is cleared
++</name>
++<file name="log/cmd">
++-Lfuhej:you
++</file>
++<command>
++http://%HOSTIP:%HTTPPORT/%TESTNUMBER -K log/cmd
++</command>
++</client>
++
++#
++# Verify data after the test has been "shot"
++<verify>
++<protocol crlf="yes">
++GET /%TESTNUMBER HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic aGVqOnlvdQ==
++User-Agent: curl/%VERSION
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
+-- 
+2.43.0
+
diff --git a/curl.spec b/curl.spec
index 4eecbf5b9fba454820749bc12e5a9cb25ccd750f..66383d23779ce9910b689b200ddc83e6a9aa80ea 100644
--- a/curl.spec
+++ b/curl.spec
@@ -6,7 +6,7 @@
 
 Name:           curl
 Version:        7.79.1
-Release:        40
+Release:        41
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        MIT
 URL:            https://curl.haxx.se/
@@ -120,6 +120,7 @@ Patch106:       backport-tool_getparam-clear-sensitive-arguments-better.patch
 Patch107:       backport-libssh-fix-freeing-of-resources-in-disconnect.patch
 Patch108:       backport-openssl-fix-crash-on-missing-cert-password.patch
 Patch109:       backport-curl_path-make-SFTP-handle-a-path-like-properly.patch
+Patch110:       backport-tool_getparam-clear-argument-only-when-needed.patch
 
 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@@ -288,6 +289,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*
 
 %changelog
+* Mon Aug 18 2025 zhouyihang <zhouyihang3@h-partners.com> - 7.79.1-41
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:tool_getparam: clear argument only when needed
+
 * Mon Jul 28 2025 xinghe <xinghe2@h-partners.com> - 7.79.1-40
 - Type:bugfix
 - CVE:NA