diff --git a/glibc.spec b/glibc.spec index 7e6cbf1aa9011f9b781aa64c2724e73448b2c298..d106d3cccd1e6c77943a982ff5c96ab2a2afe37b 100644 --- a/glibc.spec +++ b/glibc.spec @@ -66,7 +66,7 @@ ############################################################################## Name: glibc Version: 2.34 -Release: 147 +Release: 148 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -286,6 +286,7 @@ Patch199: elf-Add-a-way-to-check-if-tunable-is-set-BZ-27069.patch Patch200: malloc-Improve-MAP_HUGETLB-with-glibc.malloc.hugetlb.patch Patch201: iconv-ISO-2022-CN-EXT-fix-out-of-bound-writes-when-w.patch Patch202: backport-resolv_conf-release-lock-on-allocation-failure-bug-30527.patch +Patch203: nscd-Stack-based-buffer-overflow-in-netgroup-cache-CVE-2024-33599.patch Patch9000: turn-default-value-of-x86_rep_stosb_threshold_form_2K_to_1M.patch Patch9001: delete-no-hard-link-to-avoid-all_language-package-to.patch @@ -1501,6 +1502,9 @@ fi %endif %changelog +* Fri Apr 26 2024 yueyaoqiang - 2.34-148 +- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) + * Wed Apr 24 2024 Lixing - 2.34-147 - Add missing LoongArch relocation type in elf.h diff --git a/nscd-Stack-based-buffer-overflow-in-netgroup-cache-CVE-2024-33599.patch b/nscd-Stack-based-buffer-overflow-in-netgroup-cache-CVE-2024-33599.patch new file mode 100644 index 0000000000000000000000000000000000000000..a963b7982745b63f4658bc440d9cb07e32dd4551 --- /dev/null +++ b/nscd-Stack-based-buffer-overflow-in-netgroup-cache-CVE-2024-33599.patch 
@@ -0,0 +1,19 @@
+diff -Naur glibc-2.34/nscd/netgroupcache.c glibc-2.34_cve/nscd/netgroupcache.c
+--- glibc-2.34/nscd/netgroupcache.c 2021-08-02 09:33:43.000000000 +0800
++++ glibc-2.34_cve/nscd/netgroupcache.c 2024-04-28 10:31:26.118815129 +0800
+@@ -503,12 +503,13 @@
+ = (struct indataset *) mempool_alloc (db,
+ sizeof (*dataset) + req->key_len,
+ 1);
+- struct indataset dataset_mem;
+ bool cacheable = true;
+ if (__glibc_unlikely (dataset == NULL))
+ {
+ cacheable = false;
+- dataset = &dataset_mem;
++ /* The alloca is safe because nscd_run_worker verfies that
++ key_len is not larger than MAXKEYLEN. */
++ dataset = alloca (sizeof (*dataset) + req->key_len);
+ }
+
+ datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
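Review bot: The new `alloca (sizeof (*dataset) + req->key_len)` fallback is bounded only by a check that lives in another function, so this backport should confirm that `nscd_run_worker` in the 2.34 tree being patched really rejects requests whose `key_len` exceeds `MAXKEYLEN` before this path is reached; the hunk shows neither that check nor the start or end of the enclosing function. The removed `dataset_mem` fallback provided `sizeof (*dataset)` bytes only, while the following `datahead_init_pos` call works with `sizeof (*dataset) + req->key_len`, which is why the allocation size matters here. The patch file also starts directly at `diff -Naur` with no upstream reference, so a header line such as `Upstream commit: <UPSTREAM_COMMIT_ID>` would let the next reviewer compare the backport against the original fix. The added comment spells `verfies` for `verifies`; if that matches the upstream text it is better left untouched so the backport stays identical.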