diff --git a/CVE-2020-28030.patch b/CVE-2020-28030.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f515d88c362bb1d90d4f12dd31bade12e237b7bf
--- /dev/null
+++ b/CVE-2020-28030.patch
@@ -0,0 +1,55 @@
+From b287e7165e8aa89cde6ae37e7c257c5d87d16b9b Mon Sep 17 00:00:00 2001
+From: Richard Smith
+Date: Sat, 10 Oct 2020 18:25:57 +0800
+Subject: [PATCH] GQUIC: make sure our tag offset advances.
+
+Make sure gquic tag offset advances so that we don't infinitely loop.
+---
+ epan/dissectors/packet-gquic.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
+index fc13912848..f6728d2524 100644
+--- a/epan/dissectors/packet-gquic.c
++++ b/epan/dissectors/packet-gquic.c
+@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecod
+ static expert_field ei_gquic_tag_length = EI_INIT;
+ static expert_field ei_gquic_tag_unknown = EI_INIT;
+ static expert_field ei_gquic_version_invalid = EI_INIT;
++static expert_field ei_gquic_length_invalid = EI_INIT;
+ 
+ typedef struct gquic_info_data {
+ guint8 version;
+@@ -1608,7 +1609,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
+ "Dissector for (Google) QUIC Tag"
+ " %s (%s) code not implemented, Contact"
+ " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+- tag_offset += tag_len;
++ goto end;
+ break;
+ }
+ if(tag_offset != offset_end){
+@@ -1619,6 +1620,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_
+ 
+ tag_number--;
+ }
++
++ end:
++ if (offset + total_tag_len <= offset) {
++ expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
++ "Invalid total tag length: %u", total_tag_len);
++ return offset + tvb_reported_length_remaining(tvb, offset);
++ }
+ return offset + total_tag_len;
+ 
+ }
+@@ -2880,7 +2888,8 @@ proto_register_gquic(void)
+ { &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+ { &ei_gquic_tag_length, { "gquic.tag.length.truncated", 
PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+ { &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+- { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
++ { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
++ { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
+ };
+ 
+ expert_module_t *expert_gquic;
diff --git a/wireshark.spec b/wireshark.spec
index 7230542659d513000976127e1cfc10ec6de93cc5..3bed8593547eebd3145d36b3385114fe7e4bce6f 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -1,6 +1,6 @@
 Name: wireshark
 Version: 2.6.2
-Release: 13
+Release: 14
 Epoch: 1
 Summary: Network traffic analyzer
 License: GPL+
@@ -44,6 +44,7 @@ Patch6029: CVE-2018-16056.patch
 Patch6030: CVE-2020-25862.patch
 Patch6031: CVE-2020-25863.patch
 Patch6032: wireshark-initialize-point-in-end_string.patch
+Patch6033: CVE-2020-28030.patch
 
 Requires(pre): shadow-utils
 Requires(post): systemd-udev
@@ -150,6 +151,10 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_mandir}/man?/*
 
 %changelog
+* Mon Nov 07 2020 wangxiao - 2.6.2-14
+- fix CVE-2020-28030
+ malformed packet on wire could make GQUIC protocol dissector loop
+
 * Mon Nov 02 2020 lingsheng - 2.6.2-13
 - Fix use-of-uninitialized-value in end_string
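Review bot: The guard added at `end:` only rejects a `total_tag_len` that is zero or that wraps past `offset`, and the wrap half holds only if both `offset` and `total_tag_len` are unsigned, which the hunk does not show; with a signed operand the overflow is undefined behaviour and the compiler may drop the `<=` test entirely. A bound on the remaining packet length does not depend on the operand types and also stops a length that merely runs past the tvb from becoming the caller's next offset: `if (total_tag_len == 0 || total_tag_len > (guint)tvb_reported_length_remaining(tvb, offset)) {` (offset is presumably still in bounds here, since the tag block header was read from it, so the cast is safe). The `goto end` in the `default:` case additionally bypasses the `tag_offset != offset_end` check and leaves every tag after the first undecoded one undissected; if that is intended it deserves a comment such as `/* undecoded tag: stop walking the list; the caller skips the whole block via total_tag_len */`. The new item is registered as `PI_PROTOCOL, PI_WARN` while the neighbouring `ei_gquic_tag_length` and `ei_gquic_version_invalid` items use `PI_MALFORMED`; a zero or wrapping tag length is malformed input, so `PI_MALFORMED, PI_ERROR` would keep the group consistent. Both `dissect_gquic_tag` and `proto_register_gquic` begin and end outside the hunk.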