diff --git a/CVE-2024-8250.patch b/CVE-2024-8250.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4791221734d995f0808d360f3d74e2bc3be43bb4
--- /dev/null
+++ b/CVE-2024-8250.patch
@@ -0,0 +1,56 @@
+From be0e7c955d7efa628baa97447127c3434b575765 Mon Sep 17 00:00:00 2001
+From: John Thacker
+Date: Sun, 28 Jul 2024 13:06:50 +0000
+Subject: [PATCH] ntlmssp: Don't insert a key created on the stack into a hash
+ table
+
+Origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/16640
+
+We could change this table to an autoreset wmem_map as well.
+
+Fix #19943
+
+
+(cherry picked from commit 66dcd56f1eae615697b6588ac4778a61a5576391)
+
+Co-authored-by: John Thacker
+---
+ epan/dissectors/packet-ntlmssp.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/epan/dissectors/packet-ntlmssp.c b/epan/dissectors/packet-ntlmssp.c
+index a538c204e61..d279d74eb53 100644
+--- a/epan/dissectors/packet-ntlmssp.c
++++ b/epan/dissectors/packet-ntlmssp.c
+@@ -2353,7 +2353,9 @@ decrypt_data_payload(tvbuff_t *tvb, int offset, guint32 encrypted_block_length,
+ decrypted_payloads = g_slist_prepend(decrypted_payloads,
+ packet_ntlmssp_info->decrypted_payload);
+ if (key != NULL) {
+- g_hash_table_insert(hash_packet, key, packet_ntlmssp_info);
++ uint8_t *perm_key = g_new(uint8_t, NTLMSSP_KEY_LEN);
++ memcpy(perm_key, key, NTLMSSP_KEY_LEN);
++ g_hash_table_insert(hash_packet, perm_key, packet_ntlmssp_info);
+ }
+
+ /* Do the decryption of the payload */
+@@ -2803,7 +2805,7 @@ header_hash(gconstpointer pointer)
+ static gboolean
+ header_equal(gconstpointer pointer1, gconstpointer pointer2)
+ {
+- if (!memcmp(pointer1, pointer2, 16)) {
++ if (!memcmp(pointer1, pointer2, NTLMSSP_KEY_LEN)) {
+ return TRUE;
+ }
+ else {
+@@ -2814,7 +2816,7 @@ header_equal(gconstpointer pointer1, gconstpointer pointer2)
+ static void
+ ntlmssp_init_protocol(void)
+ {
+- hash_packet = g_hash_table_new(header_hash, header_equal);
++ hash_packet = g_hash_table_new_full(header_hash, header_equal, g_free, NULL);
+ }
+
+ static void
+--
+GitLab
+
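Review bot: The added `memcpy(perm_key, key, NTLMSSP_KEY_LEN)` in the `decrypt_data_payload` hunk always reads NTLMSSP_KEY_LEN bytes from `key`, whose declaration and size lie outside the hunk. The copy is therefore only safe if every caller in the 3.6.14 tree passes a buffer at least that long, which should be confirmed for this backport. Because the table now owns its keys, a comment above the `g_hash_table_new_full` call in `ntlmssp_init_protocol` would record the invariant the original bug broke, for example `/* hash_packet owns heap copies of its keys (freed with g_free); never insert a caller-owned or stack buffer */`. The value destroy function is `NULL`, so the table never frees a replaced or removed `packet_ntlmssp_info`; presumably those come from a scoped allocator, but that is not visible in these hunks.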
diff --git a/wireshark.spec b/wireshark.spec
index efb83600c0c6b2954cc84308cd29b0487be73dfd..826c2b30bf913521a7cdd76748c8d139a85c389f 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -5,7 +5,7 @@
 Summary: Network traffic analyzer
 Name: wireshark
 Version: 3.6.14
-Release: 8
+Release: 9
 Epoch: 1
 License: GPL+
 Url: http://www.wireshark.org/
@@ -37,6 +37,7 @@ Patch18: CVE-2023-0666.patch
 Patch19: CVE-2024-4853.patch
 Patch20: CVE-2024-4854.patch
 Patch21: CVE-2024-4855.patch
+Patch22: CVE-2024-8250.patch
 Requires: xdg-utils
 Requires: hicolor-icon-theme
@@ -211,6 +212,9 @@ exit 0
 %{_mandir}/man?/*
 %changelog
+* Fri Aug 30 2024 wangkai <13474090681@163.com> - 1:3.6.14-9
+- Fix CVE-2024-8250
+
 * Wed May 15 2024 yaoxin - 1:3.6.14-8
 - Fix CVE-2024-4853,CVE-2024-4854 and CVE-2024-4855