diff --git a/Fix-krb5_cccol_have_content-bad-pointer-free.patch b/Fix-krb5_cccol_have_content-bad-pointer-free.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ef56eccca6a99efb78a735518c3a0ac569ac5849
--- /dev/null
+++ b/Fix-krb5_cccol_have_content-bad-pointer-free.patch
@@ -0,0 +1,35 @@
+From 635c8cca65b745476d07c1f5ff701445db25c10d Mon Sep 17 00:00:00 2001
+From: Ilya Gladyshev <ilya.v.gladyshev@gmail.com>
+Date: Wed, 30 Aug 2023 21:19:59 +0100
+Subject: [PATCH] Fix krb5_cccol_have_content() bad pointer free
+
+krb5_cccol_have_content() calls krb5_cc_get_principal() within a loop,
+and frees the resulting principal on success or failure.  Set princ to
+null before each call to ensure we don't free a dangling pointer.
+
+[ghudson@mit.edu: rewrote commit message; moved assignment for greater
+clarity]
+
+ticket: 9103
+tags: pullup
+target_version: 1.21-next
+target_version: 1.20-next
+---
+ src/lib/krb5/ccache/cccursor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
+index 4bcb66b71..926873f2a 100644
+--- a/src/lib/krb5/ccache/cccursor.c
++++ b/src/lib/krb5/ccache/cccursor.c
+@@ -249,6 +249,7 @@ krb5_cccol_have_content(krb5_context context)
+         save_first_error(context, ret, &errsave);
+         if (ret || cache == NULL)
+             break;
++        princ = NULL;
+         ret = krb5_cc_get_principal(context, cache, &princ);
+         save_first_error(context, ret, &errsave);
+         if (!ret)
+-- 
+2.33.0
+
diff --git a/krb5.spec b/krb5.spec
index 4f9ad2a8fe749916ec00a56127a437bac6b87904..8253b0295ab2487b121fa4bc09f7113ead59f506 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -3,7 +3,7 @@
 
 Name:     krb5
 Version:  1.19.2
-Release:  8
+Release:  9
 Summary:  The Kerberos network authentication protocol
 License:  MIT
 URL:      http://web.mit.edu/kerberos/www/
@@ -35,6 +35,7 @@ Patch12: backport-Fix-many-unlikely-memory-leaks.patch
 Patch13: backport-Free-verto-context-later-in-KDC-cleanup.patch
 Patch14: backport-Fix-kpropd-crash-with-unrecognized-option.patch
 Patch15: CVE-2023-36054.patch
+Patch16: Fix-krb5_cccol_have_content-bad-pointer-free.patch
 
 BuildRequires:  gettext
 BuildRequires:  gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc
@@ -326,6 +327,9 @@ make -C src check || :
 %{_mandir}/man8/*
 
 %changelog
+* Mon Oct 16 2023 xuraoqing<xuraoqing@huawei.com> - 1.19.2-9
+- Fix krb5_cccol_have_content bad pointer free
+
 * Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 1.19.2-8
 - fix CVE-2023-36054