diff --git a/backport-0001-CVE-2024-24806.patch b/backport-0001-CVE-2024-24806.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3e66e23fd4b1d5078cda03b523d3481d48366953
--- /dev/null
+++ b/backport-0001-CVE-2024-24806.patch
@@ -0,0 +1,50 @@
+From 0f2d7e784a256b54b2385043438848047bc2a629 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:51:40 +0100
+Subject: [PATCH] fix: always zero-terminate idna output
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 5 +++--
+ test/test-idna.c | 4 ++++
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/idna.c b/src/idna.c
+index 3cf79ca94b1..4638546d020 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -356,9 +356,10 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+       return rc;
+   }
+ 
+-  if (d < de)
+-    *d++ = '\0';
++  if (d >= de)
++    return UV_EINVAL;
+ 
++  *d++ = '\0';
+   return d - ds;  /* Number of bytes written. */
+ }
+ 
+diff --git a/test/test-idna.c b/test/test-idna.c
+index bcacfc8a3ad..5f8d696a7f0 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -100,6 +100,7 @@ TEST_IMPL(utf8_decode1) {
+ TEST_IMPL(utf8_decode1_overrun) {
+   const char* p;
+   char b[1];
++  char c[1];
+ 
+   /* Single byte. */
+   p = b;
+@@ -113,6 +114,9 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_EQ((unsigned) -1, uv__utf8_decode1(&p, b + 1));
+   ASSERT_PTR_EQ(p, b + 1);
+ 
++  b[0] = 0x7F;
++  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
++
+   return 0;
+ }
+ 
diff --git a/backport-0002-CVE-2024-24806.patch b/backport-0002-CVE-2024-24806.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4477fab7e2ad63b63025f43471c3424334c78cfa
--- /dev/null
+++ b/backport-0002-CVE-2024-24806.patch
@@ -0,0 +1,37 @@
+From 3530bcc30350d4a6ccf35d2f7b33e23292b9de70 Mon Sep 17 00:00:00 2001
+From: Ben Noordhuis <info@bnoordhuis.nl>
+Date: Thu, 18 Jan 2024 14:52:38 +0100
+Subject: [PATCH] fix: reject zero-length idna inputs
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ src/idna.c       | 3 +++
+ test/test-idna.c | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/idna.c b/src/idna.c
+index 4638546d020..efc5f283ce2 100644
+--- a/src/idna.c
++++ b/src/idna.c
+@@ -322,6 +322,9 @@ ssize_t uv__idna_toascii(const char* s, const char* se, char* d, char* de) {
+   char* ds;
+   int rc;
+ 
++  if (s == se)
++    return UV_EINVAL;
++
+   ds = d;
+ 
+   si = s;
+diff --git a/test/test-idna.c b/test/test-idna.c
+index 5f8d696a7f0..3c4820f7659 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -115,6 +115,7 @@ TEST_IMPL(utf8_decode1_overrun) {
+   ASSERT_PTR_EQ(p, b + 1);
+ 
+   b[0] = 0x7F;
++  ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 0, c, c + 1));
+   ASSERT_EQ(UV_EINVAL, uv__idna_toascii(b, b + 1, c, c + 1));
+ 
+   return 0;
diff --git a/backport-0003-CVE-2024-24806.patch b/backport-0003-CVE-2024-24806.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ca751a3918dc52b2266848364c5cbf1ec3ed5366
--- /dev/null
+++ b/backport-0003-CVE-2024-24806.patch
@@ -0,0 +1,24 @@
+From e0327e1d508b8207c9150b6e582f0adf26213c39 Mon Sep 17 00:00:00 2001
+From: Santiago Gimeno <santiago.gimeno@gmail.com>
+Date: Wed, 7 Feb 2024 20:27:58 +0100
+Subject: [PATCH] test: empty strings are not valid IDNA
+
+Fixes: https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6
+---
+ test/test-idna.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/test-idna.c b/test/test-idna.c
+index 3c4820f7659..28f9eaaae9e 100644
+--- a/test/test-idna.c
++++ b/test/test-idna.c
+@@ -151,8 +151,8 @@ TEST_IMPL(idna_toascii) {
+   /* Illegal inputs. */
+   F("\xC0\x80\xC1\x80", UV_EINVAL);  /* Overlong UTF-8 sequence. */
+   F("\xC0\x80\xC1\x80.com", UV_EINVAL);  /* Overlong UTF-8 sequence. */
++  F("", UV_EINVAL);
+   /* No conversion. */
+-  T("", "");
+   T(".", ".");
+   T(".com", ".com");
+   T("example", "example");
diff --git a/libuv.spec b/libuv.spec
index f6c9311150c55c5058851aae24281861d0922f0a..a786aeabc5fc45929e31f2f6c636ec90f333f72e 100644
--- a/libuv.spec
+++ b/libuv.spec
@@ -1,7 +1,7 @@
 Name:           libuv
 Epoch:          1
 Version:        1.47.0
-Release:        1
+Release:        2
 Summary:        A multi-platform support library with a focus on asynchronous I/O
 
 # from README.md
@@ -23,6 +23,10 @@ Patch2: 0002-test-check-if-ipv6-link-local-traffic-is-routable.patch
 # https://github.com/libuv/libuv/pull/4227
 Patch3: 0003-test_fs.c-Fix-issue-on-32-bit-systems-using-btrfs.patch
 
+Patch6000: backport-0001-CVE-2024-24806.patch
+Patch6001: backport-0002-CVE-2024-24806.patch
+Patch6002: backport-0003-CVE-2024-24806.patch
+
 BuildRequires:  autoconf automake libtool gcc make
 
 %description
@@ -77,6 +81,9 @@ make check
 %doc ChangeLog
 
 %changelog
+* Sun Feb 18 2024 shixuantong <shixuantong1@huawei.com> - 1:1.47.0-2
+- fix CVE-2024-24806
+
 * Mon Nov 27 2023 Jingwiw  <wangjingwei@iscas.ac.cn> - 1:1.47.0-1
 - Upgrade to 1.47.0