diff --git a/backport-CVE-2022-22747-Bug-1735028-check-for-missing.patch b/backport-CVE-2022-22747-Bug-1735028-check-for-missing.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0adc8655fa332744fdf0280a7afee7f49690d191
--- /dev/null
+++ b/backport-CVE-2022-22747-Bug-1735028-check-for-missing.patch
@@ -0,0 +1,51 @@
+From 074e29e6724d443d3161ee2982ba7f017d3075dd Mon Sep 17 00:00:00 2001
+From: "John M. Schanck" <jschanck@mozilla.com>
+Date: Mon, 11 Oct 2021 22:09:25 +0000
+Subject: [PATCH] Bug 1735028 - check for missing signedData field r=keeler
+
+Differential Revision: https://phabricator.services.mozilla.com/D128112
+---
+ gtests/certdb_gtest/decode_certs_unittest.cc | 13 +++++++++++++
+ lib/pkcs7/certread.c                         |  5 +++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/gtests/certdb_gtest/decode_certs_unittest.cc b/gtests/certdb_gtest/decode_certs_unittest.cc
+index 405194edc..3317ae8ee 100644
+--- a/gtests/certdb_gtest/decode_certs_unittest.cc
++++ b/gtests/certdb_gtest/decode_certs_unittest.cc
+@@ -26,3 +26,16 @@ TEST_F(DecodeCertsTest, EmptyCertPackage) {
+                          sizeof(emptyCertPackage)));
+   EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+ }
++
++TEST_F(DecodeCertsTest, EmptySignedData) {
++  // This represents a PKCS#7 ContentInfo of contentType
++  // 1.2.840.113549.1.7.2 (signedData) with missing content.
++  unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
++                                     0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
++                                     0x02, 0x00, 0x00, 0x05, 0x00};
++
++  EXPECT_EQ(nullptr,
++            CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
++                                       sizeof(emptySignedData)));
++  EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
++}
+diff --git a/lib/pkcs7/certread.c b/lib/pkcs7/certread.c
+index 3091f9947..15094f2d7 100644
+--- a/lib/pkcs7/certread.c
++++ b/lib/pkcs7/certread.c
+@@ -139,6 +139,11 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, CERTImportCertificateFunc f, void *arg)
+         goto done;
+     }
+ 
++    if (contentInfo.content.signedData == NULL) {
++        PORT_SetError(SEC_ERROR_BAD_DER);
++        goto done;
++    }
++
+     rv = SECSuccess;
+ 
+     certs = contentInfo.content.signedData->certificates;
+-- 
+2.33.0
+
diff --git a/nss.spec b/nss.spec
index 35ea54887b3de57f0b33c3c05071f76cfb6e7d3f..04e4131dd732aaa8451d75c03b458a92a4050639 100644
--- a/nss.spec
+++ b/nss.spec
@@ -14,7 +14,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          10
+Release:          11
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
@@ -47,6 +47,7 @@ Patch4:           backport-CVE-2020-25648-tighten-CSS-handling-in-compatibility-
 Patch5:           backport-0001-CVE-2020-12403.patch
 Patch6:           backport-0002-CVE-2020-12403.patch
 Patch7:           backport-Bug-1666891-Add-PK11_Pub-Wrap-Unwrap.patch
+Patch8:           backport-CVE-2022-22747-Bug-1735028-check-for-missing.patch
 
 Patch6000:        backport-CVE-2021-43527.patch
 
@@ -140,6 +141,7 @@ Help document for NSS
 %patch6 -p1
 pushd nss
 %patch7 -p1
+%patch8 -p1
 %patch6000 -p1
 popd
 
@@ -562,6 +564,9 @@ update-crypto-policies &> /dev/null || :
 %doc %{_mandir}/man*
 
 %changelog
+* Tue May 20 2025 steven <steven_ygui@163.com> - 3.54.0-11
+- fix cve-2022-22747
+
 * Tue Feb 20 2024 jinlun <jinlun@huawei.com> - 3.54.0-10
 - Add PK11_Pub{Wrap, Unwrap}SymkeyWithMechanism r=mt,rrelyea Summary