diff --git a/backport-CVE-2023-45145.patch b/backport-CVE-2023-45145.patch
new file mode 100644
index 0000000000000000000000000000000000000000..fe4abd0d5a8f5e862c9a8f1f2753c3cad7ffcc97
--- /dev/null
+++ b/backport-CVE-2023-45145.patch
@@ -0,0 +1,60 @@
+From 3585f8cd111c09a58d9e811a17c4f37baee25b85 Mon Sep 17 00:00:00 2001
+From: shaominghao <shaominghao@xfusion.com>
+Date: Thu, 21 Dec 2023 16:43:32 +0800
+Subject: [PATCH] Fix issue of listen before chmod on Unix sockets
+
+---
+ src/anet.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/anet.c b/src/anet.c
+index 2981fca..739a675 100644
+--- a/src/anet.c
++++ b/src/anet.c
+@@ -437,13 +437,16 @@ int anetWrite(int fd, char *buf, int count)
+     return totlen;
+ }
+ 
+-static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog) {
++static int anetListen(char *err, int s, struct sockaddr *sa, socklen_t len, int backlog, mode_t perm) {
+     if (bind(s,sa,len) == -1) {
+         anetSetError(err, "bind: %s", strerror(errno));
+         close(s);
+         return ANET_ERR;
+     }
+ 
++    if (sa->sa_family == AF_LOCAL && perm)
++        chmod(((struct sockaddr_un *) sa)->sun_path, perm);
++
+     if (listen(s, backlog) == -1) {
+         anetSetError(err, "listen: %s", strerror(errno));
+         close(s);
+@@ -484,7 +487,7 @@ static int _anetTcpServer(char *err, int port, char *bindaddr, int af, int backl
+ 
+         if (af == AF_INET6 && anetV6Only(err,s) == ANET_ERR) goto error;
+         if (anetSetReuseAddr(err,s) == ANET_ERR) goto error;
+-        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog) == ANET_ERR) s = ANET_ERR;
++        if (anetListen(err,s,p->ai_addr,p->ai_addrlen,backlog,0) == ANET_ERR) s = ANET_ERR;
+         goto end;
+     }
+     if (p == NULL) {
+@@ -521,10 +524,8 @@ int anetUnixServer(char *err, char *path, mode_t perm, int backlog)
+     memset(&sa,0,sizeof(sa));
+     sa.sun_family = AF_LOCAL;
+     strncpy(sa.sun_path,path,sizeof(sa.sun_path)-1);
+-    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog) == ANET_ERR)
++    if (anetListen(err,s,(struct sockaddr*)&sa,sizeof(sa),backlog,perm) == ANET_ERR)
+         return ANET_ERR;
+-    if (perm)
+-        chmod(sa.sun_path, perm);
+     return s;
+ }
+ 
+@@ -656,3 +657,4 @@ int anetFormatSock(int fd, char *fmt, size_t fmt_len) {
+     anetSockName(fd,ip,sizeof(ip),&port);
+     return anetFormatAddr(fmt, fmt_len, ip, port);
+ }
++
+-- 
+2.27.0
+
diff --git a/redis5.spec b/redis5.spec
index 16c0ab4b49406810ebea0270b3d9fee26b502616..d7d8954b3c23c2ccbab5851df5333752eb19a4db 100644
--- a/redis5.spec
+++ b/redis5.spec
@@ -6,7 +6,7 @@
 %global Pname redis
 Name:                redis5
 Version:             5.0.14
-Release:             2
+Release:             3
 Summary:             A persistent key-value database
 License:             BSD and MIT
 URL:                 https://redis.io
@@ -24,6 +24,7 @@ Source10:            https://github.com/antirez/%{Pname}-doc/archive/%{doc_commi
 
 Patch0001:           Modify-aarch64-architecture-jemalloc-page-size-from-from-4k-to-64k.patch
 Patch0002:           Fix-display-error-message.patch
+Patch0003:           backport-CVE-2023-45145.patch
 
 BuildRequires:       gcc
 %if %{with tests}
@@ -85,6 +86,7 @@ tar -xvf  %{SOURCE10}
 %patch0001 -p1
 %endif
 %patch0002 -p1
+%patch0003 -p1
 mv ../%{Pname}-doc-%{doc_commit} doc
 mv deps/lua/COPYRIGHT    COPYRIGHT-lua
 mv deps/hiredis/COPYING  COPYING-hiredis
@@ -189,6 +191,9 @@ exit 0
 %{_docdir}/%{Pname}
 
 %changelog
+* Fri Dec 22 2023 shaominghao <shaominghao@xfusion.com> - 5.0.14-3
+- Fix CVE-2023-45145
+
 * Sat Dec 04 2021 xu_ping <xuping33@huawei.com> - 5.0.14-2
 - Fix display error message