diff --git a/CVE-2020-13848.patch b/CVE-2020-13848.patch
new file mode 100644
index 0000000..a832e30
--- /dev/null
+++ b/CVE-2020-13848.patch
@@ -0,0 +1,51 @@
+From d22c6cf5878d8919cd7eb612269555c6fa0c296a Mon Sep 17 00:00:00 2001
+From: lvhan <lvhan@kylinos.cn>
+Date: Mon, 1 Feb 2021 10:47:36 +0800
+Subject: [PATCH] CVE-2020-13848
+
+---
+ upnp/src/genlib/service_table/service_table.c | 21 ++++++++++---------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/upnp/src/genlib/service_table/service_table.c b/upnp/src/genlib/service_table/service_table.c
+index 98c2c0f..b74fd1c 100644
+--- a/upnp/src/genlib/service_table/service_table.c
++++ b/upnp/src/genlib/service_table/service_table.c
+@@ -300,11 +300,11 @@ FindServiceEventURLPath( service_table * table,
+     uri_type parsed_url;
+     uri_type parsed_url_in;
+ 
+-    if( ( table )
+-        &&
+-        ( parse_uri( eventURLPath,
+-                     strlen( eventURLPath ),
+-                     &parsed_url_in ) == HTTP_SUCCESS ) ) {
++    if (!table || !eventURLPath) {
++		return NULL;
++	}
++	if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) ==
++		HTTP_SUCCESS) {
+ 
+         finger = table->serviceList;
+         while( finger ) {
+@@ -352,11 +352,12 @@ FindServiceControlURLPath( service_table * table,
+     uri_type parsed_url;
+     uri_type parsed_url_in;
+ 
+-    if( ( table )
+-        &&
+-        ( parse_uri
+-          ( controlURLPath, strlen( controlURLPath ),
+-            &parsed_url_in ) == HTTP_SUCCESS ) ) {
++    if (!table || !controlURLPath) {
++		return NULL;
++	}
++	if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) ==
++		HTTP_SUCCESS) {
++
+         finger = table->serviceList;
+         while( finger ) {
+             if( finger->controlURL )
+-- 
+2.29.2.windows.2
+
diff --git a/libupnp.spec b/libupnp.spec
index fa01a19..2ed651b 100644
--- a/libupnp.spec
+++ b/libupnp.spec
@@ -1,12 +1,13 @@
 Version: 1.8.4
 Summary: Universal Plug and Play (UPnP) SDK
 Name: libupnp
-Release: 2
+Release: 3
 License: BSD
 URL: https://sourceforge.net/projects/pupnp
 Source: https://downloads.sourceforge.net/pupnp/%{name}-%{version}.tar.bz2
 Patch0: libupnp-1.8.4-nobump.patch
 Patch1: 96.patch
+Patch2: CVE-2020-13848.patch
 
 BuildRequires: gcc autoconf automake
 
@@ -28,6 +29,7 @@ the UPnP SDK libraries.
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 autoreconf
 
 %build
@@ -61,6 +63,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %{_libdir}/pkgconfig/libupnp.pc
 
 %changelog
+* Mon Feb 1 2021 lvhan <lvhan@kylinos.com> - 1.8.4-3
+- Fixes CVE-2020-13848
+
 * Mon Dec 28 2020 Ge Wang <wangge20@huawei.com> - 1.8.4-2
 - Remove redundancy %{?dist}