diff --git a/backport-0001-CVE-2024-1013.patch b/backport-0001-CVE-2024-1013.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b2637da44ec355a98cbfe49dade8316bf86fc1bf
--- /dev/null
+++ b/backport-0001-CVE-2024-1013.patch
@@ -0,0 +1,45 @@
+From 45f501e1be2db6b017cc242c79bfb9de32b332a1 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Mon, 29 Jan 2024 08:27:29 +0100
+Subject: [PATCH] PostgreSQL driver: Fix incompatible pointer-to-integer types
+
+These result in out-of-bounds stack writes on 64-bit architectures
+(caller has 4 bytes, callee writes 8 bytes), and seem to have gone
+unnoticed on little-endian architectures (although big-endian
+architectures must be broken).
+
+This change is required to avoid a build failure with GCC 14.
+---
+ Drivers/Postgre7.1/info.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Drivers/Postgre7.1/info.c b/Drivers/Postgre7.1/info.c
+index 63ac91f..2216ecd 100644
+--- a/Drivers/Postgre7.1/info.c
++++ b/Drivers/Postgre7.1/info.c
+@@ -1779,14 +1779,14 @@ char *table_name;
+ char index_name[MAX_INFO_STRING];
+ short fields_vector[8];
+ char isunique[10], isclustered[10];
+-SDWORD index_name_len, fields_vector_len;
++SQLLEN index_name_len, fields_vector_len;
+ TupleNode *row;
+ int i;
+ HSTMT hcol_stmt;
+ StatementClass *col_stmt, *indx_stmt;
+ char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING];
+ char **column_names = 0;
+-Int4 column_name_len;
++SQLLEN column_name_len;
+ int total_columns = 0;
+ char error = TRUE;
+ ConnInfo *ci;
+@@ -2136,7 +2136,7 @@ HSTMT htbl_stmt;
+ StatementClass *tbl_stmt;
+ char tables_query[STD_STATEMENT_LEN];
+ char attname[MAX_INFO_STRING];
+-SDWORD attname_len;
++SQLLEN attname_len;
+ char pktab[MAX_TABLE_LEN + 1];
+ Int2 result_cols;
+ 
diff --git a/unixODBC.spec b/unixODBC.spec
index fda8af36de02edde1ca8a26eaf8529f8198ec5c5..773ae975d1165e16936b5c5faa2a2f26f02778fe 100644
--- a/unixODBC.spec
+++ b/unixODBC.spec
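Review bot: The backported upstream commit changes only the three declarations GCC 14 refuses to compile (`index_name_len`/`fields_vector_len`, `column_name_len`, `attname_len`), i.e. the mismatches the compiler could see; any other `SDWORD`/`Int4` local in this driver that is handed to an `SQLLEN *` indicator parameter through a cast or a `void *` would produce no diagnostic and would presumably still be an 8-byte write into a 4-byte stack slot on LP64 targets, so a search of the Postgre7.1 sources for such locals is worth doing before treating the CVE as fully addressed. The embedded hunks are against upstream blob 63ac91f rather than the 2.3.9 tree, so expect them to apply with line offsets; the `%prep` step that applies this file is not part of this diff. The patch's `From:` line carries the author name without an address, which the build does not care about but which makes checking provenance against the commit id on the first line slightly harder.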
@@ -1,6 +1,6 @@
 Name: unixODBC
 Version: 2.3.9
-Release: 3
+Release: 4
 Summary: Open-source project that implements the ODBC API
 License: GPLv2+ and LGPLv2+
 URL: http://www.unixODBC.org/
@@ -8,6 +8,7 @@ Source: http://www.unixODBC.org/%{name}-%{version}.tar.gz
 Source1: odbcinst.ini
 Patch0000: null_dereference_check.patch
 Patch0001: delete_password.patch
+Patch6001: backport-0001-CVE-2024-1013.patch
 Conflicts: iodbc
 BuildRequires: automake autoconf libtool libtool-ltdl-devel bison flex readline-devel
@@ -90,6 +91,9 @@ find doc -name 'Makefile*' | xargs rm
 %exclude %{_datadir}/libtool
 %changelog
+* Thu Oct 24 2024 Funda Wang - 2.3.9-4
+- fix CVE-2024-1013
+
 * Thu Dec 16 2021 Haoran Yang - 2.3.9-3
 - add delete_password.patch (hiding password in unixODBC log)
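Review bot: `Patch6001:` is declared in the second hunk but nothing in this diff applies it: the `%prep` section lies outside all three hunks, so if the spec applies patches with explicit `%patch` lines rather than `%autosetup`/`%autopatch`, the build would carry the release bump and the changelog entry while the driver source stays unpatched. Please confirm that `%prep` applies Patch6001 with `-p1`, which the `a/Drivers/Postgre7.1/info.c` paths inside the backport require. The jump from `Patch0001` to `Patch6001` reads as a deliberate numbering range for backports rather than a typo, but the changelog line would be easier to audit if it named the file it refers to, e.g. `- fix CVE-2024-1013 (backport-0001-CVE-2024-1013.patch)`.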