diff --git a/backport-CVE-2022-4450.patch b/backport-CVE-2022-4450.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b8364cdb319470f49bee2a99db6d30b1a002f842
--- /dev/null
+++ b/backport-CVE-2022-4450.patch
@@ -0,0 +1,41 @@
+From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Tue, 13 Dec 2022 14:54:55 +0000
+Subject: [PATCH] Avoid dangling ptrs in header and data params for
+ PEM_read_bio_ex
+
+In the event of a failure in PEM_read_bio_ex() we free the buffers we
+allocated for the header and data buffers. However we were not clearing
+the ptrs stored in *header and *data. Since, on success, the caller is
+responsible for freeing these ptrs this can potentially lead to a double
+free if the caller frees them even on failure.
+
+Thanks to Dawei Wang for reporting this issue.
+
+Based on a proposed patch by Kurt Roeckx.
+
+CVE-2022-4450
+
+Reviewed-by: Paul Dale
+Reviewed-by: Hugo Landau
+---
+ crypto/pem/pem_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
+index d416d939ea..328c30cdbb 100644
+--- a/crypto/pem/pem_lib.c
++++ b/crypto/pem/pem_lib.c
+@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+ *data = pem_malloc(len, flags);
+ if (*header == NULL || *data == NULL) {
+ pem_free(*header, flags, 0);
++ *header = NULL;
+ pem_free(*data, flags, 0);
++ *data = NULL;
+ goto end;
+ }
+ BIO_read(headerB, *header, headerlen);
+--
+2.34.1
+
diff --git a/openresty-openssl111.spec b/openresty-openssl111.spec
index 260343d839f8d4fcf7926657cff10ff701f6ed26..2f18addc0af67c1b4fec5011c966023250aca996 100644
--- a/openresty-openssl111.spec
+++ b/openresty-openssl111.spec
@@ -1,6 +1,6 @@
 Name: openresty-openssl111
 Version: 1.1.1h
-Release: 3
+Release: 4
 Summary: OpenSSL library for OpenResty
 Group: Development/Libraries
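Review bot: The provenance of this backport should be verified before `%patch101` is trusted on a 1.1.1h tree: the `From bbcf509bd046…` hash and the `index d416d939ea..328c30cdbb` blob ids look like the OpenSSL master commit for CVE-2022-4450 rather than the fix shipped on the 1.1.1 branch (1.1.1t), so the `@@ -957,7 +957,9 @@` offsets are unlikely to match 1.1.1h's crypto/pem/pem_lib.c and the hunk will apply only through offset matching. Confirm in the build log that it applied with no fuzz, or regenerate the patch against the 1.1.1 branch so the stored file documents where it really came from. The two added lines `*header = NULL;` and `*data = NULL;` are the correct fix for the allocation-failure branch, but PEM_read_bio_ex starts and ends outside this hunk, so also check that the 1.1.1h function has no other `goto end` after the two `pem_malloc` calls that could still hand the caller dangling out-parameters. The hunk lines as shown here carry no leading indentation (`+ *data = pem_malloc(len, flags);`); if that is how the file is stored and not a rendering artifact, `patch` will reject the context lines unless run with `-l`, so verify the committed patch keeps the original whitespace.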
@@ -13,6 +13,7 @@ Source0: https://www.openssl.org/source/openssl-%{version}.tar.gz
 Patch0: openssl-1.1.1f-sess_set_get_cb_yield.patch
 Patch99: 0099-copy-dir.sh.patch
 Patch100: CVE-2021-23841.patch
+Patch101: backport-CVE-2022-4450.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -117,6 +118,7 @@ Provides C header and static library for the debug version of OpenResty's OpenSS
 %patch0 -p1
 %patch99 -p1
 %patch100 -p1
+%patch101 -p1
 %build
 bash ./copy-dir.sh
@@ -259,6 +261,9 @@ rm -rf %{buildroot}
 %attr(0755,root,root) %{openssl_prefix_debug}/lib/*.a
 %changelog
+* Sat Dec 23 2023 liningjie - 1.1.1h-4
+- Fix CVE-2022-4450
+
 * Fri Dec 22 2023 wangxinjian - 1.1.1h-3
 - fix CVE-2021-23841
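Review bot: Adding Patch101 still leaves this 1.1.1h base with only two CVE backports in the Patch list (Patch100 for CVE-2021-23841 and this one), which is a narrow slice of what upstream fixed between 1.1.1h and the 1.1.1t release that carried CVE-2022-4450; that same release also addressed CVE-2022-4304, CVE-2023-0215 and CVE-2023-0286, none of which appear here, and OpenSSL 1.1.1 left upstream support in September 2023. Unless those are tracked elsewhere, consider either rebasing the bundled source to 1.1.1w or backporting the remaining advisories alongside this one rather than cherry-picking a single CVE. The changelog entry `- Fix CVE-2022-4450` would also be more useful to downstream vulnerability scanners if it recorded the upstream commit it was taken from, e.g. `- Fix CVE-2022-4450 (backport of upstream bbcf509bd046)`.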