diff --git a/CVE-2022-24736.patch b/CVE-2022-24736.patch
new file mode 100644
index 0000000000000000000000000000000000000000..27862a08549a3ff7eecaef6c98f7677fe5491204
--- /dev/null
+++ b/CVE-2022-24736.patch
@@ -0,0 +1,30 @@
+diff -Naru redis-5.0.14/src/scripting.c redis-5.0.14-new/src/scripting.c
+--- redis-5.0.14/src/scripting.c	2021-10-04 18:58:43.000000000 +0800
++++ redis-5.0.14-new/src/scripting.c	2022-05-17 10:36:15.851022000 +0800
+@@ -463,6 +463,10 @@
+         inuse--;
+         return raise_error ? luaRaiseError(lua) : 1;
+     }
++    
++    /* Pop all arguments from the stack, we do not need them anymore
++     * and this way we guaranty we will have room on the stack for the result. */
++    lua_pop(lua, argc);
+ 
+     /* Setup our fake client for command execution */
+     c->argv = argv;
+@@ -536,7 +540,14 @@
+             }
+             goto cleanup;
+         }
+-    }
++    } else if (server.masterhost == NULL &&
++                   server.repl_min_slaves_max_lag &&
++                   server.repl_min_slaves_to_write &&
++                   server.repl_good_slaves_count < server.repl_min_slaves_to_write)
++        {
++            luaPushError(lua, shared.noreplicaserr->ptr);
++            goto cleanup;
++        }
+ 
+     /* If we reached the memory limit configured via maxmemory, commands that
+      * could enlarge the memory usage are not allowed, but only if this is the
diff --git a/redis5.spec b/redis5.spec
index 16c0ab4b49406810ebea0270b3d9fee26b502616..5feec1d9ad06028720298e45d42a579585fe74f7 100644
--- a/redis5.spec
+++ b/redis5.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis5
 Version:             5.0.14
-Release:             2
+Release:             3
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -24,6 +24,7 @@ Source10:            https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi
 
 Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
 Patch0002:           Fix-display-error-message.patch
+Patch0003:           CVE-2022-24736.patch
 
 BuildRequires:       gcc
 %if %{with tests}
@@ -83,6 +84,7 @@ tar -xvf  %{SOURCE10}
 %setup -n %{Pname}-%{version}
 %ifarch aarch64
 %patch0001 -p1
+%patch0003 -p1
 %endif
 %patch0002 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
@@ -189,6 +191,10 @@ exit 0
 %{_docdir}/%{Pname}
 
 %changelog
+
+* Tue May 17 2022 yangyang <yangyang480@huawei.com> - 5.0.7-3
+- Fix missing patch in source package
+
 * Sat Dec 04 2021 xu_ping <xuping33@huawei.com> - 5.0.14-2
 - Fix display error message