diff --git a/CVE-2024-24577.patch b/CVE-2024-24577.patch
new file mode 100644
index 0000000..c8385fa
--- /dev/null
+++ b/CVE-2024-24577.patch
@@ -0,0 +1,44 @@
+From eb4c1716cd92bf56f2770653a915d5fc01eab8f3 Mon Sep 17 00:00:00 2001
+From: Edward Thomson <ethomson@edwardthomson.com>
+Date: Sat, 16 Dec 2023 11:19:07 +0000
+Subject: [PATCH] index: correct index has_dir_name check
+
+`has_dir_name` is used to check for directory/file collisions,
+and attempts to determine whether the index contains a file with
+a directory name that is a proper subset of the new index entry
+that we're trying to add.
+
+To determine directory name, the function would walk the path string
+backwards to identify a `/`, stopping at the end of the string. However,
+the function assumed that the strings did not start with a `/`. If the
+paths contain only a single `/` at the beginning of the string, then the
+function would continue the loop, erroneously, when they should have
+stopped at the first character.
+
+Correct the order of the tests to terminate properly.
+
+Credit to Michael Rodler (@f0rki) and Amazon AWS Security.
+---
+ src/index.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/index.c b/src/index.c
+index d4532c005d0..9306b96dba5 100644
+--- a/src/index.c
++++ b/src/index.c
+@@ -1148,10 +1148,13 @@ static int has_dir_name(git_index *index,
+ 		size_t len, pos;
+ 
+ 		for (;;) {
+-			if (*--slash == '/')
+-				break;
++			slash--;
++
+ 			if (slash <= entry->path)
+ 				return 0;
++
++			if (*slash == '/')
++				break;
+ 		}
+ 		len = slash - name;
+ 
diff --git a/libgit2.spec b/libgit2.spec
index 439e194..80059f9 100644
--- a/libgit2.spec
+++ b/libgit2.spec
@@ -1,11 +1,13 @@
 Name:           libgit2
 Version:        1.3.2
-Release:        2
+Release:        3
 Summary:        portable, pure C implementation of the Git core methods
 License:        GPLv2 with exceptions
 URL:            https://libgit2.org
 Source0:        https://github.com/libgit2/libgit2/archive/v%{version}.tar.gz
 Patch1:         CVE-2023-22742.patch
+# https://github.com/libgit2/libgit2/commit/eb4c1716cd92bf56f2770653a915d5fc01eab8f3
+Patch2:         CVE-2024-24577.patch
 
 BuildRequires:  gcc cmake >= 2.8.11 ninja-build http-parser-devel libcurl-devel
 BuildRequires:  libssh2-devel openssl-devel python3 zlib-devel
@@ -57,6 +59,9 @@ rm -vr deps
 %{_includedir}/git2*
 
 %changelog
+* Wed Feb 07 2024 yaoxin <yao_xin001@hoperun.com> - 1.3.2-3
+- Fix CVE-2024-24577
+
 * Thu Dec 14 2023 wangkai <13474090681@163.com> - 1.3.2-2
 - Fix CVE-2023-22742