diff --git a/0003-CVE-2023-34455.patch b/0003-CVE-2023-34455.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fb93b1d3601a88d3228def42b4739f310e81dd5c
--- /dev/null
+++ b/0003-CVE-2023-34455.patch
@@ -0,0 +1,33 @@
+diff --git a/LICENSE-binary b/LICENSE-binary
+index 7d885849c6..8f4b455502 100644
+--- a/LICENSE-binary
++++ b/LICENSE-binary
+@@ -252,7 +252,7 @@ scala-library-2.13.5
+ scala-logging_2.13-3.9.2
+ scala-reflect-2.13.5
+ scala-java8-compat_2.13-0.9.1
+-snappy-java-1.1.8.1
++snappy-java-1.1.10.1
+ zookeeper-3.5.9
+ zookeeper-jute-3.5.9
+
+@@ -318,4 +318,4 @@ paranamer-2.8, see: licenses/paranamer-BSD-3-clause
+ Do What The F*ck You Want To Public License
+ see: licenses/DWTFYWTPL
+
+-reflections-0.9.12
+\ No newline at end of file
++reflections-0.9.12
+diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
+index 8dcf7af2f2..4565ef664b 100644
+--- a/gradle/dependencies.gradle
++++ b/gradle/dependencies.gradle
+@@ -113,7 +113,7 @@ versions += [
+ scoveragePlugin: "5.0.0",
+ shadowPlugin: "6.1.0",
+ slf4j: "1.7.30",
+- snappy: "1.1.8.1",
++ snappy: "1.1.10.1",
+ spotbugs: "4.1.4",
+ spotbugsPlugin: "4.6.0",
+ spotlessPlugin: "5.8.2",
diff --git a/kafka.spec b/kafka.spec
index c9c526c1251947683350b4c4b179eb473519e18a..eff35e72872de9cf02de2bdaeaa729fcd332b75a 100644
--- a/kafka.spec
+++ b/kafka.spec
@@ -4,7 +4,7 @@ Name: kafka
 Version: 2.8.2
-Release: 2
+Release: 3
 Summary: A Distributed Streaming Platform.
 License: Apache-2.0
@@ -14,6 +14,7 @@ Source2: kafka.service
 Source3: gradle-wrapper.jar
 Patch0: 0001-adopt-huaweimaven.patch
 Patch1: 0002-CVE-2022-41881.patch
+Patch2: 0003-CVE-2023-34455.patch
 BuildRequires: systemd java-1.8.0-openjdk-devel
 Provides: kafka = %{version}
@@ -65,6 +66,9 @@ cp -pr licenses/* $RPM_BUILD_ROOT%{kafka_home}/licenses
 rm -rf %{buildroot}
 %changelog
+* Fri Sep 1 2023 sundapeng - 2.8.2-3
+- fix CVE-2023-34455.patch
+
 * Wed Aug 30 2023 sundapeng - 2.8.2-2
 - fix CVE-2022-41881
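Review bot: The second LICENSE-binary hunk inside the new patch file only adds a trailing newline after `reflections-0.9.12`, which is unrelated to the snappy fix and gives the patch one more place to stop applying when that file changes. I would drop that hunk and keep just the `snappy-java-1.1.10.1` line and the `snappy: "1.1.10.1"` pin. Because the whole fix is a version string in gradle/dependencies.gradle, it is also worth checking after the build that the packaged jar set contains snappy-java-1.1.10.1 and no older copy, since nothing visible in this patch verifies which artifact was resolved.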
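Review bot: The `Patch2: 0003-CVE-2023-34455.patch` line in the second kafka.spec hunk only declares the patch; nothing in this diff touches %prep, which lies outside the visible hunks. If %prep applies patches one by one, a matching `%patch2 -p1` is needed next to the existing ones; if it uses `%autosetup -p1`, no change is required. Please confirm which applies, because otherwise the release is bumped and the changelog records the fix while the build still pins snappy 1.1.8.1.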