diff --git a/CVE-2023-26552.patch b/CVE-2023-26552.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a262750df28f36085b947dd6e0982a20a960d16d
--- /dev/null
+++ b/CVE-2023-26552.patch
@@ -0,0 +1,36 @@
+Subject: [PATCH] CVE-2023-26552
+---
+Index: libntp/mstolfp.c
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
+--- a/libntp/mstolfp.c
++++ b/libntp/mstolfp.c
+@@ -14,7 +14,7 @@
+ 	l_fp *lfp
+ 	)
+ {
+-	register const char *cp;
++	register const char *cp, *end;
+ 	register char *bp;
+ 	register const char *cpdec;
+ 	char buf[100];
+@@ -41,6 +41,16 @@
+
+ 	if (*cp != '.' && !isdigit((unsigned char)*cp))
+ 	    return 0;
++
++    /*
++    * Make sure the buffer has enough room for the input string and the
++    * extra characters, in the worst case replacing "." with "0.000"
++    */
++    end = cp;
++    while (isdigit((unsigned char)*end) || *end == '.')
++        end++;
++    if (end - cp + 4 >= sizeof (buf) - (bp - buf))
++        return 0;
+
+
+ 	/*
diff --git a/ntp.spec b/ntp.spec
index 06bdf06612240ae8f9e4e572d8c35817b5ba6713..441fa4c97e4fac1ac17ef90d535a598220cd114d 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -2,7 +2,7 @@
 
 Name:                  ntp
 Version:               4.2.8p15
-Release:               6
+Release:               7
 Summary:               A protocol designed to synchronize the clocks of computers over a network
 License:               MIT and BSD and BSD with advertising
 URL:                   https://www.ntp.org/
@@ -26,6 +26,7 @@ Patch3:                bugfix-fix-ifindex-length.patch
 Patch4:                fix-multiple-defination-with-gcc-10.patch
 Patch5:                Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
 Patch6:                fix-MD5-manpage.patch
+Patch7:                CVE-2023-26552.patch
 
 BuildRequires:	       libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires:         autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@@ -209,6 +210,12 @@ make check
 %{_mandir}/man8/*.8*
 
 %changelog
+* Sun Apr 23 2023 ZCWei51 <u201911736@hust.edu.cn> - 4.2.8p15-7
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:backport-CVE-2023-26552
+
 * Tue Oct 18 2022 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-6
 - Type:bugfix
 - ID:NA