diff --git a/backport-CVE-2023-4156.patch b/backport-CVE-2023-4156.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b893d2f1c181f7b6f1e6af87a1a9377a1f7327d3
--- /dev/null
+++ b/backport-CVE-2023-4156.patch
@@ -0,0 +1,30 @@
+From e709eb829448ce040087a3fc5481db6bfcaae212 Mon Sep 17 00:00:00 2001
+From: "Arnold D. Robbins" <arnold@skeeve.com>
+Date: Wed, 3 Aug 2022 13:00:54 +0300
+Subject: [PATCH] Smal bug fix in builtin.c.
+
+Reference:https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212
+Conflict:delete changlog
+---
+ builtin.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/builtin.c b/builtin.c
+index d7ba82c..3eee9b9 100644
+--- a/builtin.c
++++ b/builtin.c
+@@ -963,7 +963,10 @@ check_pos:
+ 					s1++;
+ 					n0--;
+ 				}
+-				if (val >= num_args) {
++				// val could be less than zero if someone provides a field width
++				// so large that it causes integer overflow. Mainly fuzzers do this,
++				// but let's try to be good anyway.
++				if (val < 0 || val >= num_args) {
+ 					toofew = true;
+ 					break;
+ 				}
+-- 
+2.27.0
+
diff --git a/gawk.spec b/gawk.spec
index 667b768e7cc7401a16917a38fa6d04c012a670f3..f2758ce673ea2f56fc4c9b2582c0e56913b7e1fd 100644
--- a/gawk.spec
+++ b/gawk.spec
@@ -4,7 +4,7 @@
 			 egrep -i "gawk_api_minor.*[0-9]+" | egrep -o "[0-9]")
 Name:		gawk
 Version:	5.1.1
-Release:	4
+Release:	5
 License:	GPLv3+ and GPLv2+ and LGPLv2+ and BSD
 Summary:	The GNU version of the AWK text processing utility
 URL:		https://www.gnu.org/software/gawk/
@@ -14,6 +14,7 @@ Patch1:         Disable-racy-test-in-test-iolint.awk.patch
 Patch2:         Restore-removed-test-in-test-iolint.awk.patch
 Patch3:         Reorder-statements-in-iolint-to-try-to-eliminate-a-r.patch
 Patch4:					gawk-5.1.1-sw.patch
+Patch5:         backport-CVE-2023-4156.patch
 
 BuildRequires:	git gcc automake grep
 BuildRequires:	bison texinfo texinfo-tex ghostscript texlive-ec texlive-cm-super glibc-all-langpacks
@@ -115,6 +116,9 @@ install -m 0644 -p doc/gawkinet.{pdf,ps} ${RPM_BUILD_ROOT}%{_docdir}/%{name}
 %{_datadir}/locale/*
 
 %changelog
+* Mon Aug 28 2023 yangmingtai <yangmingtai@huawei.com> - 5.1.1-5
+- fix CVE-2023-4156
+
 * Sun Apr 23 2023 guoqinglan <guoqinglan@kylinos.com.cn> - 5.1.1-4
 - fix sw_64 build