diff --git a/0006-CVE-2022-46908.patch b/0006-CVE-2022-46908.patch
new file mode 100644
index 0000000000000000000000000000000000000000..db5c22219c7d1389cb1062f650ade5930fc779cd
--- /dev/null
+++ b/0006-CVE-2022-46908.patch
@@ -0,0 +1,53 @@
+From 040177c01a76ccb631bbe19a445f716f0d7b9458 Mon Sep 17 00:00:00 2001
+From: zwtmichael <zhuwentao5@huawei.com>
+Date: Thu, 15 Dec 2022 09:49:15 +0800
+Subject: [PATCH] Fix safe mode authorizer callback to reject disallowed UDFs
+
+Signed-off-by: zwtmichael <zhuwentao5@huawei.com>
+---
+ src/shell.c.in   |  4 ++--
+ test/shell2.test | 11 +++++++++++
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/shell.c.in b/src/shell.c.in
+index 543141c..2c1e013 100644
+--- a/src/shell.c.in
++++ b/src/shell.c.in
+@@ -1829,7 +1829,7 @@ static int safeModeAuth(
+     "zipfile",
+     "zipfile_cds",
+   };
+-  UNUSED_PARAMETER(zA2);
++  UNUSED_PARAMETER(zA1);
+   UNUSED_PARAMETER(zA3);
+   UNUSED_PARAMETER(zA4);
+   switch( op ){
+@@ -1840,7 +1840,7 @@ static int safeModeAuth(
+     case SQLITE_FUNCTION: {
+       int i;
+       for(i=0; i<ArraySize(azProhibitedFunctions); i++){
+-        if( sqlite3_stricmp(zA1, azProhibitedFunctions[i])==0 ){
++        if( sqlite3_stricmp(zA2, azProhibitedFunctions[i])==0 ){
+           failIfSafeMode(p, "cannot use the %s() function in safe mode",
+                          azProhibitedFunctions[i]);
+         }
+diff --git a/test/shell2.test b/test/shell2.test
+index 6b4dff5..c3777eb 100644
+--- a/test/shell2.test
++++ b/test/shell2.test
+@@ -188,4 +188,15 @@ b
+ 2
+ }}
+ 
++# Verify that safe mode rejects certain UDFs
++# Reported at https://sqlite.org/forum/forumpost/07beac8056151b2f
++do_test shell2-1.4.8 {
++  catchcmd "-safe :memory:" {
++ SELECT edit('DoNotCare');}
++} {1 {line 2: cannot use the edit() function in safe mode}}
++do_test shell2-1.4.9 {
++  catchcmd "-safe :memory:" {
++ SELECT writefile('DoNotCare', x'');}
++} {1 {line 2: cannot use the writefile() function in safe mode}}
++
+ finish_test
diff --git a/sqlite.spec b/sqlite.spec
index dc5a3b75d25719b78c977b5caa29aa46b1ea5c55..0a04e02bb63783356d604deecbbd4a08652b5d01 100644
--- a/sqlite.spec
+++ b/sqlite.spec
@@ -6,7 +6,7 @@
 
 Name:    sqlite
 Version: 3.37.2
-Release: 3
+Release: 4
 Summary: Embeded SQL database
 License: Public Domain
 URL:     http://www.sqlite.org/
@@ -20,6 +20,7 @@ Patch2: 0002-remove-fail-testcase-in-no-free-fd-situation.patch
 Patch3: 0003-CVE-2022-35737.patch
 Patch4: 0004-fix-memory-problem-in-the-rtree-test-suite.patch
 Patch5: 0005-fix-integer-overflow-on-gigabyte-string.patch
+Patch6: 0006-CVE-2022-46908.patch
 
 BuildRequires: gcc autoconf tcl tcl-devel
 BuildRequires: ncurses-devel readline-devel glibc-devel
@@ -67,6 +68,7 @@ This contains man files and HTML files for the using of sqlite.
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 rm -f %{name}-doc-%{extver}/sqlite.css~ || :
 
@@ -137,6 +139,9 @@ make test
 %{_mandir}/man*/*
 
 %changelog
+* Wed Dec 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-4
+- fix the CVE-2022-46908
+
 * Wed Sep 14 2022 zhuwentao <zhuwentao5@huawei.com> - 3.37.2-3
 - fix build problem