diff --git a/CVE-2021-31348.patch b/CVE-2021-31348.patch new file mode 100644 index 0000000000000000000000000000000000000000..b27f9719d79c2690250511b0c3613018c23c8048 --- /dev/null +++ b/CVE-2021-31348.patch @@ -0,0 +1,12 @@ +diff -Naru "netcdf-c-4.7.3 copy/libdap4/ezxml.c" netcdf-c-4.7.3/libdap4/ezxml.c +--- "netcdf-c-4.7.3 copy/libdap4/ezxml.c" 2022-07-13 10:24:32.128424000 +0800 ++++ netcdf-c-4.7.3/libdap4/ezxml.c 2022-07-13 10:24:57.220170000 +0800 +@@ -574,7 +574,7 @@ + for (l = 0; *s && ((! l && *s != '>') || (l && (*s != ']' || + *(s + strspn(s + 1, EZXML_WS) + 1) != '>'))); + l = (*s == '[') ? 1 : l) s += strcspn(s + 1, "[]>") + 1; +- if (! *s && e != '>') ++ if (! *s) + return ezxml_err(root, d, "unclosed xml; diff --git a/netcdf.spec b/netcdf.spec index 7afa414263f6c31c9478e11449079ca71aac93e3..013ab7b7fd354b9cb6d4978102632aa869a29018 100644 --- a/netcdf.spec +++ b/netcdf.spec @@ -1,11 +1,12 @@ Name: netcdf Version: 4.7.3 -Release: 1 +Release: 2 Summary: Libraries for the Unidata network Common Data Form License: NetCDF URL: https://github.com/Unidata/netcdf-c Source0: https://github.com/Unidata/netcdf-c/archive/v%{version}/%{name}-%{version}.tar.gz +Patch0000: CVE-2021-31348.patch BuildRequires: make BuildRequires: environment-modules 
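Review bot: The new CVE-2021-31348.patch starts directly at the `diff -Naru` line and records nothing about where the fix comes from; the `netcdf-c-4.7.3 copy/` old path suggests it was generated by hand from a local tree. A short header above the diff would let a later reviewer compare it with the upstream change, for example `# Fixes CVE-2021-31348 in libdap4/ezxml.c; origin: <upstream commit or advisory URL>`. On the code, dropping `&& e != '>'` means every DOCTYPE scan that stops on the terminating NUL now returns the error instead of falling through; the statements after that return are outside the hunk, so their safety for the remaining inputs cannot be confirmed from here. No truncated-DOCTYPE input is added for `make check` to exercise the new branch, so a regression would go unnoticed.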
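Review bot: `Patch0000: CVE-2021-31348.patch` only declares the patch, and no hunk in this diff touches `%prep`, so the fix reaches the build only if that section already applies patches automatically (e.g. `%autosetup -p1`). If `%prep` uses plain `%setup`, the package would ship as 4.7.3-2 with a changelog claiming the CVE fix while ezxml.c is unchanged; an explicit `%patch -P 0 -p1` would then be needed. The strip level must be 1, because the paths inside the patch carry one leading directory (`netcdf-c-4.7.3/libdap4/ezxml.c`). Checking the build log for the patch being applied would confirm this.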
@@ -35,13 +36,13 @@ Requires: hdf5%{?_isa} = %{_hdf5_version} %endif %description -NetCDF (network Common Data Form) is an interface for array-oriented -data access and a freely-distributed collection of software libraries -for C, Fortran, C++, and perl that provides an implementation of the -interface. The NetCDF library also defines a machine-independent -format for representing scientific data. Together, the interface, -library, and format support the creation, access, and sharing of -scientific data. The NetCDF software was developed at the Unidata +NetCDF (network Common Data Form) is an interface for array-oriented +data access and a freely-distributed collection of software libraries +for C, Fortran, C++, and perl that provides an implementation of the +interface. The NetCDF library also defines a machine-independent +format for representing scientific data. Together, the interface, +library, and format support the creation, access, and sharing of +scientific data. The NetCDF software was developed at the Unidata Program Center in Boulder, Colorado. %package devel @@ -52,7 +53,7 @@ Requires: hdf5-devel%{?_isa} Requires: libcurl-devel%{?_isa} %description devel -This package contains the netCDF C header files, shared devel libs, and +This package contains the netCDF C header files, shared devel libs, and man pages. @@ -202,7 +203,7 @@ done %endif %check -make %{?_smp_mflags} -C build check +make %{?_smp_mflags} -C build check %ldconfig_scriptlets %files @@ -291,6 +292,9 @@ make %{?_smp_mflags} -C build check %endif %changelog +* Wed Jul 13 2022 dengyuyu - 4.7.3-2 +- fix CVE-2021-31348 + * Fri Tue 30 2021 caodongxia - 4.7.3-1 - Upgrade to 4.7.3