diff --git a/backport-CVE-2021-4217.patch b/backport-CVE-2021-4217.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4cb44b398c8860adee3300ce1c0e846f06826aa4
--- /dev/null
+++ b/backport-CVE-2021-4217.patch
@@ -0,0 +1,39 @@
+From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
+From: Nils Bars <nils.bars@t-online.de>
+Date: Mon, 17 Jan 2022 16:53:16 +0000
+Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
+
+This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
+to read as many bytes as indicated by the extra field length attribute.
+Furthermore, this fixes a null pointer dereference if an archive contains an
+`EF_UNIPATH` extra field but does not have a filename set.
+
+Reference:https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+Conflict: fileio.c file not change.
+---
+ process.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/process.c b/process.c
+index abe938b..f573ee4 100644
+--- a/process.c
++++ b/process.c
+@@ -2060,10 +2060,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+           G.unipath_checksum = makelong(offset + ef_buf);
+           offset += 4;
+ 
++          if (!G.filename_full) {
++            /* Check if we have a unicode extra section but no filename set */
++            return PK_ERR;
++          }
++
+           /*
+            * Compute 32-bit crc
+            */
+-
+           chksum = crc32(chksum, (uch *)(G.filename_full),
+                          strlen(G.filename_full));
+ 
+-- 
+2.33.0
+
diff --git a/unzip.spec b/unzip.spec
index a0024d460c24a43ef71017efbc3754099ec61048..3a7557167ca1a6d1c762ed6d7bb6cd9e7152d67f 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,6 +1,6 @@
 Name:           unzip
 Version:        6.0
-Release:        46
+Release:        46.h1
 Summary:        A utility for unpacking zip files
 License:        BSD
 URL:            http://www.info-zip.org/UnZip.html
@@ -34,6 +34,7 @@ Patch6000:      CVE-2018-18384.patch
 Patch6001:      CVE-2019-13232-pre.patch
 Patch6002:      CVE-2019-13232.patch
 Patch6003:      CVE-2019-13232-fur1.patch
+Patch6004:      backport-CVE-2021-4217.patch
 Patch9000:      CVE-2019-13232-fur2.patch
 Patch9001:      CVE-2022-0530.patch
 Patch9002:      CVE-2022-0529.patch
@@ -71,6 +72,9 @@ Package help includes man pages for unzip.
 %{_mandir}/man1/*
 
 %changelog
+*Mon Sep 5 2022 zhangnan <zhangnan134@huawei.com> - 6.0-46.h1
+- fix CVE-2021-4217
+
 * Wed Feb 23 2022  tianwei <tianwei@h-partners.com> - 6.0-46
 - fix CVE-2022-0529 CVE-2022-0530