diff --git a/CVE-2020-7105.patch b/CVE-2020-7105.patch
new file mode 100644
index 0000000..cafcc6f
--- /dev/null
+++ b/CVE-2020-7105.patch
@@ -0,0 +1,42 @@
+diff -Nur hiredis-0.13.3.orig/async.c hiredis-0.13.3/async.c
+--- hiredis-0.13.3.orig/async.c 2015-09-16 18:25:02.000000000 +0800
++++ hiredis-0.13.3/async.c 2020-03-17 11:28:02.927579511 +0800
+@@ -69,6 +69,8 @@
+ static void *callbackValDup(void *privdata, const void *src) {
+ ((void) privdata);
+ redisCallback *dup = malloc(sizeof(*dup));
++ if(dup == NULL)
++ abort();
+ memcpy(dup,src,sizeof(*dup));
+ return dup;
+ }
+diff -Nur hiredis-0.13.3.orig/dict.c hiredis-0.13.3/dict.c
+--- hiredis-0.13.3.orig/dict.c 2015-09-16 18:25:02.000000000 +0800
++++ hiredis-0.13.3/dict.c 2020-03-17 11:29:44.708321131 +0800
+@@ -72,6 +72,8 @@
+ /* Create a new hash table */
+ static dict *dictCreate(dictType *type, void *privDataPtr) {
+ dict *ht = malloc(sizeof(*ht));
++ if (ht == NULL)
++ abort();
+ _dictInit(ht,type,privDataPtr);
+ return ht;
+ }
+@@ -143,6 +145,8 @@
+
+ /* Allocates the memory and stores key */
+ entry = malloc(sizeof(*entry));
++ if (entry == NULL)
++ abort();
+ entry->next = ht->table[index];
+ ht->table[index] = entry;
+
+@@ -258,6 +262,8 @@
+ static dictIterator *dictGetIterator(dict *ht) {
+ dictIterator *iter = malloc(sizeof(*iter));
+
++ if(iter == NULL)
++ abort();
+ iter->ht = ht;
+ iter->index = -1;
+ iter->entry = NULL;
diff --git a/hiredis.spec b/hiredis.spec
index ca6b49f..203430b 100644
--- a/hiredis.spec
+++ b/hiredis.spec
@@ -1,6 +1,6 @@
 Name: hiredis
 Version: 0.13.3
-Release: 10
+Release: 11
 Summary: A minimalistic C client library for the Redis database
 License: BSD
 URL: https://github.com/redis/hiredis
@@ -8,6 +8,7 @@ Source0: https://github.com/redis/hiredis/archive/v0.13.3.tar.gz#/hiredis BuildRequires: gcc redis Patch0001: 0001-build-do-not-assume-that-INSTALL-is-cp.patch +Patch0002: CVE-2020-7105.patch %description Hiredis is a minimalistic C client library for the Redis database.
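Review bot: The four added guards call `abort()` from library code, so an allocation failure still terminates the embedding process; the NULL dereference becomes a deterministic abort rather than something the caller can recover from, which leaves memory exhaustion as a denial-of-service condition for any service linking this build. In the `@@ -143` hunk of dict.c the enclosing function starts and ends outside the hunk; if it has an error return, `if (entry == NULL) return <its error status>;` would let callers handle the failure, while the three allocator-style functions would need their callers to check for NULL before that is safe. Only these four `malloc` sites are covered, so any other `malloc`/`calloc`/`realloc` call in async.c and dict.c is worth auditing against the same CVE. A short comment on each guard such as `/* OOM: abort instead of dereferencing NULL (CVE-2020-7105) */` would record why a library aborts here.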
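Review bot: `Patch0002` is declared here but nothing in this hunk shows it being applied, so the CVE fix only reaches the build if `%prep` (outside the hunk) uses `%autosetup`/`%autopatch` or has a matching `%patch` line. The embedded patch uses `hiredis-0.13.3.orig/…` and `hiredis-0.13.3/…` paths, so it needs strip level 1 (`-p1`). Because the later hunk's context shows `make check || true`, a test failure would not stop the build; confirming in the build log that the patch was applied, or checking the patched source for the new `abort()` guards, is the dependable verification.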
@@ -60,5 +61,8 @@ make check || true %{_libdir}/pkgconfig/hiredis.pc %changelog +* Thu Mar 17 2020 likexin - 0.13.3-11 +- fix up cve-2020-7105 + * Tue Dec 31 2019 liujing - 0.13.3-10 - Package init