diff --git a/0007-CVE-2023-7104.patch b/0007-CVE-2023-7104.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bded7fdbff8ddeed4a42241e24c42dd07bb837f0
--- /dev/null
+++ b/0007-CVE-2023-7104.patch
@@ -0,0 +1,45 @@
+it From a756d158b3e55831975feb45b753ba499d2adeda Mon Sep 17 00:00:00 2001
+From: mazhao <mazhao12@huawei.com>
+Date: Wed, 3 Jan 2024 12:00:45 +0800
+Subject: [PATCH] Fix a buffer overread in the sessions extension that could
+ occur when processing a corrupt changeset.
+
+Signed-off-by: mazhao <mazhao12@huawei.com>
+---
+ ext/session/sqlite3session.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/ext/session/sqlite3session.c b/ext/session/sqlite3session.c
+index a892804..72ad427 100644
+--- a/ext/session/sqlite3session.c
++++ b/ext/session/sqlite3session.c
+@@ -3050,15 +3050,19 @@ static int sessionReadRecord(
+         }
+       }
+       if( eType==SQLITE_INTEGER || eType==SQLITE_FLOAT ){
+-        sqlite3_int64 v = sessionGetI64(aVal);
+-        if( eType==SQLITE_INTEGER ){
+-          sqlite3VdbeMemSetInt64(apOut[i], v);
++        if( (pIn->nData-pIn->iNext)<8 ){
++          rc = SQLITE_CORRUPT_BKPT;
+         }else{
+-          double d;
+-          memcpy(&d, &v, 8);
+-          sqlite3VdbeMemSetDouble(apOut[i], d);
++          sqlite3_int64 v = sessionGetI64(aVal);
++          if( eType==SQLITE_INTEGER ){
++            sqlite3VdbeMemSetInt64(apOut[i], v);
++          }else{
++            double d;
++            memcpy(&d, &v, 8);
++            sqlite3VdbeMemSetDouble(apOut[i], d);
++          }
++          pIn->iNext += 8;
+         }
+-        pIn->iNext += 8;
+       }
+     }
+   }
+-- 
+2.34.1
+
diff --git a/sqlite.spec b/sqlite.spec
index 5673479eac5211d88e551ce725cbee5f89e7f421..9c04fcede8e3f0a0bc33c002ecd414a8e9a09214 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -7,7 +7,7 @@
 
 Name:    sqlite
 Version: 3.32.3
-Release: 6
+Release: 7
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@@ -22,6 +22,7 @@ Patch3: CVE-2021-20227.patch
 Patch4: 0004-CVE-2022-35737.patch
 Patch5: 0005-CVE-2021-20223.patch
 Patch6: 0006-fix-integer-overflow-on-gigabyte-string.patch
+Patch7: 0007-CVE-2023-7104.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -70,6 +71,7 @@ This contains man files and HTML files for the using of sqlite.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
@@ -142,6 +144,9 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Wed Jan 3 2024 mazhao <mazhao12@huawei.com> - 3.32.3-7
+- fix the CVE-2023-7104
+
 * Tue Sep 6 2022 zhuwentao <zhuwentao5@huawei.com> - 3.32.3-6
 - fix integer overflow on gigabyte string