diff --git a/backport-CVE-2023-46724.patch b/backport-CVE-2023-46724.patch
new file mode 100644
index 0000000..7809dd6
--- /dev/null
+++ b/backport-CVE-2023-46724.patch
@@ -0,0 +1,39 @@
+From b70f864940225dfe69f9f653f948e787f99c3810 Mon Sep 17 00:00:00 2001
+From: Andreas Weigel <andreas.weigel@securepoint.de>
+Date: Wed, 18 Oct 2023 04:14:31 +0000
+Subject: [PATCH] Fix validation of certificates with CN=* (#1523)
+
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/
+where it was filed as "Buffer UnderRead in SSL CN Parsing".
+
+Conflict:NA
+Reference:https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810
+---
+ src/anyp/Uri.cc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
+index 3eed2366abd..ef77d4f766b 100644
+--- a/src/anyp/Uri.cc
++++ b/src/anyp/Uri.cc
+@@ -175,6 +175,10 @@ urlInitialize(void)
+     assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards));
+     assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards));
+ 
++    assert(0 != matchDomainName("foo.com", ""));
++    assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards));
++    assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains));
++
+     /* more cases? */
+ }
+ 
+@@ -828,6 +832,8 @@ matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
+         return -1;
+ 
+     dl = strlen(d);
++    if (dl == 0)
++        return 1;
+ 
+     /*
+      * Start at the ends of the two strings and work towards the
diff --git a/squid.spec b/squid.spec
index 283e7a6..18055dc 100644
--- a/squid.spec
+++ b/squid.spec
@@ -2,7 +2,7 @@
 
 Name:     squid
 Version:  6.1
-Release:  2
+Release:  3
 Summary:  The Squid proxy caching server
 Epoch:    7
 License:  GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@@ -26,6 +26,7 @@ Patch5:   backport-0002-CVE-2023-5824.patch
 Patch6:   backport-CVE-2023-46846.patch
 Patch7:   backport-CVE-2023-46847.patch
 Patch8:   backport-CVE-2023-46848.patch
+Patch9:   backport-CVE-2023-46724.patch
 
 Requires: bash
 Requires: httpd-filesystem
@@ -248,6 +249,12 @@ fi
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Thu Nov 02 2023 yanglu <yanglu72@h-partners.com> - 7:6.1-3
+- Type:CVE
+- ID:CVE-2023-46724
+- SUG:NA
+- DESC:fix CVE-2023-46724
+
 * Tue Oct 31 2023 yanglu <yanglu72@h-partners.com> - 7:6.1-2
 - Type:cves
 - ID:CVE-2023-5824 CVE-2023-46846 CVE-2023-46847 CVE-2023-46848