diff --git a/CVE-2019-12295.patch b/CVE-2019-12295.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e959566f1406092ba9e79d4de8c7f284f50da7fa
--- /dev/null
+++ b/CVE-2019-12295.patch
@@ -0,0 +1,54 @@
+From be9bdfda02a2498c6f65122d80e3a8b4235dc7f5 Mon Sep 17 00:00:00 2001
+From: Gerald Combs
+Date: Tue, 21 May 2019 10:41:41 -0700
+Subject: [PATCH] Add dissection recursion checks.
+
+Enforce a maximum layer limit in call_dissector_work and
+dissector_try_heuristic.
+
+Bug: 15778
+Change-Id: I691868e980384b76a64f88de4db5bb7340a7c4aa
+Reviewed-on: https://code.wireshark.org/review/33301
+Petri-Dish: Gerald Combs
+Tested-by: Petri Dish Buildbot
+Reviewed-by: Dario Lombardo
+Reviewed-by: Gerald Combs
+---
+ epan/packet.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/epan/packet.c b/epan/packet.c
+index 62b102da33e..f44809a27e8 100644
+--- a/epan/packet.c
++++ b/epan/packet.c
+@@ -729,6 +729,13 @@ static int
+ call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
+ packet_info *pinfo_arg, proto_tree *tree, void *);
+
++/*
++ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
++ * 100 elsewhere in the code. We should arguably use the same value here,
++ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
++ */
++#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
++
+ static int
+ call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
+ proto_tree *tree, gboolean add_proto_name, void *data)
+@@ -751,6 +758,7 @@ call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo
+ saved_proto = pinfo->current_proto;
+ saved_can_desegment = pinfo->can_desegment;
+ saved_layers_len = wmem_list_count(pinfo->layers);
++ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
+
+ /*
+ * can_desegment is set to 2 by anyone which offers the
+@@ -2724,6 +2732,8 @@ dissector_try_heuristic(heur_dissector_list_t sub_dissectors, tvbuff_t *tvb,
+ saved_layers_len = wmem_list_count(pinfo->layers);
+ *heur_dtbl_entry = NULL;
+
++ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
++
+ for (entry = sub_dissectors->dissectors; entry != NULL;
+ entry = g_slist_next(entry)) {
+ /* XXX - why set this now and above? */
diff --git a/wireshark.spec b/wireshark.spec
index 0f01d938c3858f398a7e1300977756edb494901e..d4e1e8568cb0a521c53cfb3826e804bdbb6e2fe9 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -1,6 +1,6 @@
 Name: wireshark
 Version: 2.6.2
-Release: 18
+Release: 19
 Epoch: 1
 Summary: Network traffic analyzer
 License: GPL+ and GPL-2.0+ and GPL-3.0 and GPL-3.0+ and BSD and ISC
@@ -54,6 +54,7 @@ Patch6039: CVE-2019-19553.patch Patch6040: CVE-2020-9428-pre.patch Patch6041: CVE-2020-9428.patch Patch6042: CVE-2020-9431.patch +Patch6043: CVE-2019-12295.patch Requires(pre): shadow-utils Requires(post): systemd-udev
@@ -160,6 +161,9 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_mandir}/man?/* %changelog +* Tue Jul 28 2021 zhuyuncheng - 2.6.2-19 +- fix CVE-2019-12295 + * Thu Feb 25 2021 wangxiao - 2.6.2-18 - Fix CVE-2019-13619 CVE-2019-19553 CVE-2020-9428 CVE-2020-9431
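Review bot: The limit set by `#define PINFO_LAYER_MAX_RECURSION_DEPTH 500` is larger than a `guint8` can hold, and the comment above it says `packet_info.curr_layer_num` is a `guint8`, so that counter could wrap past 255 well before the new checks in `call_dissector_work` and `dissector_try_heuristic` fire. The assert itself tests `wmem_list_count(pinfo->layers)`, so the recursion bound still holds, but anything keyed on `curr_layer_num` may see repeated values between 256 and 500 layers. The comment should say so, e.g. `/* NOTE: above 255 layers curr_layer_num (guint8) wraps; only pinfo->layers is bounded by this limit. */`, or the limit should drop to 255 or below if the failing wslua test allows it. Nesting depth is driven by capture contents, so it is also worth confirming that `DISSECTOR_ASSERT`, which normally reports the condition as a dissector bug, is the intended path rather than a malformed-packet indication. Both function bodies continue outside the hunks shown, so how `curr_layer_num` is maintained cannot be checked from this patch.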