diff --git a/backport-0013-CVE-2024-34155-track-depth-in-nested-element-lists.patch b/backport-0013-CVE-2024-34155-track-depth-in-nested-element-lists.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a1a761f8455d4242a5a9135e019073fafa8018dd
--- /dev/null
+++ b/backport-0013-CVE-2024-34155-track-depth-in-nested-element-lists.patch
@@ -0,0 +1,60 @@
+commit b232596139dbe96a62edbe3a2a203e856bf556eb
+Author: Roland Shoemaker <bracewell@google.com>
+Date:   Mon Jun 10 15:34:12 2024 -0700
+
+    [release-branch.go1.22] go/parser: track depth in nested element lists
+    
+    Prevents stack exhaustion with extremely deeply nested literal values,
+    i.e. field values in structs.
+    
+    Updates #69138
+    Fixes #69142
+    Fixes CVE-2024-34155
+    
+    Change-Id: I2e8e33b44105cc169d7ed1ae83fb56df0c10f1ee
+    Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1520
+    Reviewed-by: Robert Griesemer <gri@google.com>
+    Reviewed-by: Damien Neil <dneil@google.com>
+    Reviewed-by: Russ Cox <rsc@google.com>
+    (cherry picked from commit eb1b038c0d01761694e7a735ef87ac9164c6568e)
+    Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1561
+    Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
+    Reviewed-on: https://go-review.googlesource.com/c/go/+/611181
+    Reviewed-by: Michael Pratt <mpratt@google.com>
+    TryBot-Bypass: Dmitri Shuralyov <dmitshur@google.com>
+    Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
+    Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+
+diff --git a/src/go/parser/parser.go b/src/go/parser/parser.go
+index 17808b366f..f268dea1a6 100644
+--- a/src/go/parser/parser.go
++++ b/src/go/parser/parser.go
+@@ -1676,6 +1676,8 @@ func (p *parser) parseElementList() (list []ast.Expr) {
+ }
+ 
+ func (p *parser) parseLiteralValue(typ ast.Expr) ast.Expr {
++	defer decNestLev(incNestLev(p))
++
+ 	if p.trace {
+ 		defer un(trace(p, "LiteralValue"))
+ 	}
+diff --git a/src/go/parser/parser_test.go b/src/go/parser/parser_test.go
+index 43b3416b27..c6dca66760 100644
+--- a/src/go/parser/parser_test.go
++++ b/src/go/parser/parser_test.go
+@@ -598,10 +598,11 @@ var parseDepthTests = []struct {
+ 	{name: "chan2", format: "package main; var x «<-chan »int"},
+ 	{name: "interface", format: "package main; var x «interface { M() «int» }»", scope: true, scopeMultiplier: 2}, // Scopes: InterfaceType, FuncType
+ 	{name: "map", format: "package main; var x «map[int]»int"},
+-	{name: "slicelit", format: "package main; var x = «[]any{«»}»", parseMultiplier: 2},             // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 2},         // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 2}, // Parser nodes: UnaryExpr, CompositeLit
+-	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 2},    // Parser nodes: CompositeLit, KeyValueExpr
++	{name: "slicelit", format: "package main; var x = []any{«[]any{«»}»}", parseMultiplier: 3},      // Parser nodes: UnaryExpr, CompositeLit
++	{name: "arraylit", format: "package main; var x = «[1]any{«nil»}»", parseMultiplier: 3},         // Parser nodes: UnaryExpr, CompositeLit
++	{name: "structlit", format: "package main; var x = «struct{x any}{«nil»}»", parseMultiplier: 3}, // Parser nodes: UnaryExpr, CompositeLit
++	{name: "maplit", format: "package main; var x = «map[int]any{1:«nil»}»", parseMultiplier: 3},    // Parser nodes: CompositeLit, KeyValueExpr
++	{name: "element", format: "package main; var x = struct{x any}{x: «{«»}»}"},
+ 	{name: "dot", format: "package main; var x = «x.»x"},
+ 	{name: "index", format: "package main; var x = x«[1]»"},
+ 	{name: "slice", format: "package main; var x = x«[1:2]»"},
diff --git a/golang.spec b/golang.spec
index e88e3e18dde51d5cd50504ab3bf0e320bee08b3e..3e8a69434fa0da19c42bfa7328e3e26a65dba6fb 100644
--- a/golang.spec
+++ b/golang.spec
@@ -66,7 +66,7 @@
 
 Name:           golang
 Version:        1.21.4
-Release:        14
+Release:        15
 Summary:        The Go Programming Language
 License:        BSD and Public Domain
 URL:            https://golang.org/
@@ -132,6 +132,7 @@ Patch6009:	backport-0009-Backport-cmd-go-internal-vcs-error-out-if-the-reques.pa
 Patch6010:	backport-0010-release-branch.go1.21-net-http-limit-chunked-data-ov.patch
 Patch6011:	backport-0011-Backport-archive-zip-treat-truncated-EOCDR-comment-a.patch
 Patch6012:	backport-0012-net-http-send-body-or-close-connection-on-expect-100.patch
+Patch6013:  backport-0013-CVE-2024-34155-track-depth-in-nested-element-lists.patch
 
 ExclusiveArch:  %{golang_arches}
 
@@ -370,6 +371,9 @@ fi
 %files devel -f go-tests.list -f go-misc.list -f go-src.list
 
 %changelog
+* Thu Oct 10 2024 Yu Peng <yupeng@kylinos.cn> - 1.21.4-15
+- fix CVE-2024-34155
+
 * Wed Jul 03 2024 kywqs <weiqingsong@kylinos.cn.com> - 1.21.4-14
 - fix CVE-2024-24791