diff --git a/backport-CVE-2021-4019.patch b/backport-CVE-2021-4019.patch
new file mode 100644
index 0000000000000000000000000000000000000000..590cdde961210457df365b6c5604567ee6e83982
--- /dev/null
+++ b/backport-CVE-2021-4019.patch
@@ -0,0 +1,45 @@
+From bd228fd097b41a798f90944b5d1245eddd484142 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Thu, 25 Nov 2021 10:50:12 +0000
+Subject: [PATCH] patch 8.2.3669: buffer overflow with long help argument
+
+Problem:    Buffer overflow with long help argument.
+Solution:   Use snprintf().
+---
+ src/ex_cmds.c             | 3 +--
+ src/testdir/test_help.vim | 8 ++++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/ex_cmds.c b/src/ex_cmds.c
+index 45c733b..8f6444f 100644
+--- a/src/ex_cmds.c
++++ b/src/ex_cmds.c
+@@ -5436,8 +5436,7 @@ find_help_tags(
+ 		    || (vim_strchr((char_u *)"%_z@", arg[1]) != NULL
+ 							   && arg[2] != NUL)))
+ 	{
+-	    STRCPY(d, "/\\\\");
+-	    STRCPY(d + 3, arg + 1);
++           vim_snprintf((char *)d, IOSIZE, "/\\\\%s", arg + 1);
+ 	    // Check for "/\\_$", should be "/\\_\$"
+ 	    if (d[3] == '_' && d[4] == '$')
+ 		STRCPY(d + 4, "\\$");
+diff --git a/src/testdir/test_help.vim b/src/testdir/test_help.vim
+index 5dd937a..c2aeb1f 100644
+--- a/src/testdir/test_help.vim
++++ b/src/testdir/test_help.vim
+@@ -55,3 +55,11 @@ func Test_help_local_additions()
+   call delete('Xruntime', 'rf')
+   let &rtp = rtp_save
+ endfunc
++
++func Test_help_long_argument()
++  try
++    exe 'help \%' .. repeat('0', 1021)
++  catch
++    call assert_match("E149:", v:exception)
++  endtry
++endfunc
+-- 
+1.8.3.1
+
diff --git a/vim.spec b/vim.spec
index cd6856b7edb65096e5eb7e8292a97ba02ef1f016..84ae3b09c44efc037834f766800f7447d6dca9fc 100644
--- a/vim.spec
+++ b/vim.spec
@@ -12,7 +12,7 @@
 Name:           vim
 Epoch:          2
 Version:        8.2
-Release:        17
+Release:        18
 Summary:        Vim is a highly configurable text editor for efficiently creating and changing any kind of text.
 License:        Vim and MIT
 URL:            http://www.vim.org
@@ -55,6 +55,7 @@ Patch6017:      backport-CVE-2021-3974.patch
 Patch6018:      backport-find-test-fails.patch
 Patch6019:      backport-no-early-check-if-find-and-sfind-have-an-argument.patch
 Patch6020:      backport-CVE-2021-3984.patch
+Patch6021:      backport-CVE-2021-4019.patch
 
 Patch9000:      bugfix-rm-modify-info-version.patch
 
@@ -443,6 +444,12 @@ popd
 %{_mandir}/man1/evim.*
 
 %changelog
+* Tue Dec 07 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-18
+- Type:CVE
+- ID:CVE-2021-4019
+- SUG:NA
+- DESC:fix CVE-2021-4019
+
 * Sat Dec 04 2021 shixuantong<shixuantong@huawei.com> - 2:8.2-17
 - Type:CVE
 - ID:CVE-2021-3984