diff --git a/backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch b/backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6ecff92e3d6c4871707009ed4921d1031f1ddb2d
--- /dev/null
+++ b/backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch
@@ -0,0 +1,29 @@
+From 44a700d2051a666235748970c2df047ff207aeb5 Mon Sep 17 00:00:00 2001
+From: Simon Josefsson
+Date: Wed, 17 Aug 2022 12:25:06 +0200
+Subject: [PATCH] Fix ETYPE_OK off by one array size check. Closes: #32.
+
+Reported by David Trabish in
+.
+
+Signed-off-by: Simon Josefsson
+---
+ lib/int.h | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/lib/int.h b/lib/int.h
+index 488c118..d94d51c 100644
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+- (etype) <= _asn1_tags_size && \
++ (etype) < _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+--
+2.27.0
+
diff --git a/libtasn1.spec b/libtasn1.spec
index 565f311d9cf16089fc163a7f110851146949967f..81ad577e3cefa8999aa540ad45fdbb92ccd5ffdf 100644
--- a/libtasn1.spec
+++ b/libtasn1.spec
@@ -1,7 +1,7 @@
 Summary: Libtasn1 is a ASN.1 parsing library
 Name: libtasn1
 Version: 4.17.0
-Release: 2
+Release: 3
 
 # The libtasn1 library is LGPLv2+, utilities are GPLv3+
 License: GPLv3+ and LGPLv2+
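Review bot: `ETYPE_TAG` and `ETYPE_CLASS`, the two context lines directly above the corrected `ETYPE_OK` in the lib/int.h hunk carried by the new patch file, still index `_asn1_tags[etype]` with no bound check, so the `<` fix only protects call sites that test `ETYPE_OK` first. The callers of these macros are outside the hunk, so whether every use is gated cannot be confirmed from here and is worth auditing as part of the backport. I would record the precondition next to the macros, e.g. `/* etype must pass ETYPE_OK(): valid indices are 0 .. _asn1_tags_size - 1 */`, and parenthesize the argument the way `ETYPE_OK` already does: `#define ETYPE_TAG(etype) (_asn1_tags[(etype)].tag)`. `ETYPE_OK` also expands its argument three times, so it should only ever be given side-effect-free expressions.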
@@ -10,6 +10,7 @@ Source0: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz Source1: http://ftp.gnu.org/gnu/libtasn1/%{name}-%{version}.tar.gz.sig Patch0: fix-memleaks-in-asn1-arrat2tree.patch +Patch1: backport-CVE-2021-46848-Fix-ETYPE_OK-off-by-one-array-size-check-Closes-32.patch BuildRequires: gcc, autoconf, automake, libtool, gnupg2, bison, pkgconfig, help2man # when autoconf >= 2.71, the command autoreconf need gtk-doc package @@ -85,6 +86,9 @@ test "$1" = 0 -a -f %_infodir/%name.info.gz && \ %{_infodir}/*.info.* %changelog +* Tue Oct 25 2022 yixiangzhike - 4.17.0-3 +- fix CVE-2021-46848 + * Wed Jun 8 2022 yixiangzhike - 4.17.0-2 - fix fuzz issues