diff --git a/fix-CVE-2023-33953-add-header-limit.patch b/fix-CVE-2023-33953-add-header-limit.patch
new file mode 100644
index 0000000000000000000000000000000000000000..62275896c337980acdea3aafbf7a9b7dddb8f318
--- /dev/null
+++ b/fix-CVE-2023-33953-add-header-limit.patch
@@ -0,0 +1,37 @@
+From 5fe782778f535ae68508fb7979df1cbfbdf4d6de Mon Sep 17 00:00:00 2001
+From: sunsuwan <sunsuwan3@huawei.com>
+Date: Mon, 4 Sep 2023 21:45:49 +0800
+Subject: [PATCH] CVE-2023-33953 add header limit
+
+Signed-off-by: zhouyihang <zhouyihang3@h-partners.com>
+Signed-off-by: sunsuwan <sunsuwan3@huawei.com>
+---
+ .../ext/transport/chttp2/transport/hpack_parser.cc   | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/core/ext/transport/chttp2/transport/hpack_parser.cc b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+index 09681fa..6b191a7 100644
+--- a/src/core/ext/transport/chttp2/transport/hpack_parser.cc
++++ b/src/core/ext/transport/chttp2/transport/hpack_parser.cc
+@@ -1372,6 +1372,18 @@ grpc_error_handle grpc_chttp2_header_parser_parse(void* hpack_parser,
+   auto* parser = static_cast<grpc_core::HPackParser*>(hpack_parser);
+   if (s != nullptr) {
+     s->stats.incoming.header_bytes += GRPC_SLICE_LENGTH(slice);
++    if (s->stats.incoming.header_bytes > t->settings[GRPC_ACKED_SETTINGS]
++                                                    [GRPC_CHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE]) {
++      grpc_chttp2_cancel_stream(
++      t, s,
++      grpc_error_set_int(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
++                             "received header size exceeds limit"),
++                         GRPC_ERROR_INT_GRPC_STATUS,
++                         GRPC_STATUS_RESOURCE_EXHAUSTED));
++      grpc_chttp2_parsing_become_skip_parser(t);
++      s->seen_error = true;
++      return GRPC_ERROR_NONE;
++    }
+   }
+   grpc_error_handle error = parser->Parse(slice, is_last != 0);
+   if (error != GRPC_ERROR_NONE) {
+-- 
+2.33.0
+
diff --git a/grpc.spec b/grpc.spec
index b3eedcd3386400b422fbe520e580ccc3b28b8359..f22227e426a9bb0916ce67d767a8b1aba18267db 100644
--- a/grpc.spec
+++ b/grpc.spec
@@ -3,7 +3,7 @@
 
 Name:          grpc
 Version:       1.41.1
-Release:       5
+Release:       6
 Summary:       A modern, open source high performance RPC framework that can run in any environment
 License:       ASL 2.0
 URL:           https://www.grpc.io
@@ -14,6 +14,7 @@ Patch0007:     add-secure-compile-option-in-Makefile.patch
 Patch0010:     backport-grpc-1.41.1-python-grpcio-use-system-abseil.patch
 Patch0011:     backport-Ignore-Connection-Aborted-errors-on-accept-29318.patch
 Patch0012:     backport-iomgr-EventEngine-Improve-server-handling-o.patch
+Patch0013:     fix-CVE-2023-33953-add-header-limit.patch
 
 BuildRequires: gcc-c++ pkgconfig protobuf-devel protobuf-compiler
 BuildRequires: openssl-devel c-ares-devel gtest-devel zlib-devel gperftools-devel
@@ -140,6 +141,12 @@ cd ../..
 %{python3_sitearch}/grpcio-%{version}-py?.?.egg-info
 
 %changelog
+* Fri Sep 22 2023 zhouyihang<zhouyihang3@h-partners.com> - 1.41.1-6
+- Type:CVE
+- ID:CVE-2023-33953
+- SUG:NA
+- DESC:fix CVE-2023-33953
+
 * Wed Sep 20 2023 zhouyihang<zhouyihang3@h-partners.com> - 1.41.1-5
 - Type:CVE
 - ID:CVE-2023-4785