diff --git a/backport-CVE-2023-39128.patch b/backport-CVE-2023-39128.patch
new file mode 100644
index 0000000000000000000000000000000000000000..659e238e5a0c405f3744549359138c260d556d80
--- /dev/null
+++ b/backport-CVE-2023-39128.patch
@@ -0,0 +1,35 @@
+From 97a2288fb7aa2078b5a63166819ed8b33fc71ab2 Mon Sep 17 00:00:00 2001
+From: liningjie
+Date: Fri, 28 Jul 2023 14:00:03 +0800
+Subject: [PATCH] Avoid buffer overflow in ada_decode
+
+A bug report pointed out a buffer overflow in ada_decode, which Keith
+helpfully analyzed. ada_decode had a logic error when the input was
+all digits. While this isn't valid -- and would probably only appear
+in fuzzer tests -- it still should be handled properly.
+
+This patch adds a missing bounds check. Tested with the self-tests in
+an asan build.
+
+Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30639
+Reviewed-by: Keith Seitz
+---
+ gdb/ada-lang.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdb/ada-lang.c b/gdb/ada-lang.c
+index 0c2d4fc..1ff74ca 100644
+--- a/gdb/ada-lang.c
++++ b/gdb/ada-lang.c
+@@ -1184,7 +1184,7 @@ ada_decode (const char *encoded)
+ i -= 1;
+ if (i > 1 && encoded[i] == '_' && encoded[i - 1] == '_')
+ len0 = i - 1;
+- else if (encoded[i] == '$')
++ else if (i >= 0 && encoded[i] == '$')
+ len0 = i;
+ }
+
+--
+2.33.0
+
diff --git a/gdb.spec b/gdb.spec
index 5f927949034e9781ee29ae3d05f240bae590fc7e..b6c43a03cf0a18ce960b8e6ab9efa9f715b0348f 100644
--- a/gdb.spec
+++ b/gdb.spec
@@ -1,6 +1,6 @@
 Name: gdb
 Version: 9.2
-Release: 3
+Release: 4
 License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and LGPLv3+ and BSD and Public Domain and GFDL-1.3
 Source: ftp://sourceware.org/pub/gdb/releases/gdb-%{version}.tar.xz
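Review bot: The header of backport-CVE-2023-39128.patch does not say which upstream gdb commit it was taken from; the `From:` line and the hash on the first line look like the packager's own, so only the `Bug:` link ties the backport to upstream. A trailer such as `Reference: <upstream-commit-url>` under `Bug:` would let a later audit diff this backport against the upstream fix. On the change itself, `else if (i >= 0 && encoded[i] == '$')` guards an index that the commit message says can run past the front of an all-digit name, which makes this a read one element before the buffer rather than a write; the loop that decrements `i` starts above the hunk, so that reading rests on the message, not on visible lines.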
@@ -148,6 +148,7 @@ Patch98: gdb-rhbz1822715-fix-python-deprecation.patch
 Patch99: gdb-rhbz1829702-fix-python39.patch
 Patch100: gdb-rhbz1844458-use-fputX_unfiltered.patch
 Patch101: gdb-rhbz1838777-debuginfod.patch
+Patch102: backport-CVE-2023-39128.patch
 # Fedora patch end
 BuildRequires: rpm-libs autoconf
@@ -395,6 +396,9 @@ rm -f $RPM_BUILD_ROOT%{_datadir}/gdb/python/gdb/command/backtrace.py
 %{_infodir}/gdb.info*
 %changelog
+* Sun Sep 3 2023 liningjie - 9.2-4
+- fix CVE-2023-39128
+
 * Wed Mar 31 2021 xinghe - 9.2-3
 - fix typo for name
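Review bot: `Patch102: backport-CVE-2023-39128.patch` is declared here, but no hunk in this diff adds a matching application step in `%prep`. If gdb.spec applies patches one by one (`%patch102 -p1`) rather than through `%autosetup` or `%autopatch`, the rebuilt 9.2-4 package would ship without the bounds check while the changelog says the CVE is fixed. The `%prep` section is outside the visible hunks, so please confirm which mechanism it uses and check in the build log that the patch is actually applied.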