diff --git a/autofs-5.1.8-fail-on-empty-replicated-host-name.patch b/autofs-5.1.8-fail-on-empty-replicated-host-name.patch
new file mode 100644
index 0000000..22084c5
--- /dev/null
+++ b/autofs-5.1.8-fail-on-empty-replicated-host-name.patch
@@ -0,0 +1,57 @@
+autofs-5.1.8 - fail on empty replicated host name
+
+From: Ian Kent <raven@themaw.net>
+
+If a mount location host (or hosts) has an empty host name it has to be
+a mistake so fail the automount request.
+
+Signed-off-by: Ian Kent <raven@themaw.net>
+---
+ CHANGELOG           |    1 +
+ modules/parse_sun.c |   18 ++++++++++++++++++
+ 2 files changed, 19 insertions(+)
+
+--- autofs-5.1.4.orig/CHANGELOG
++++ autofs-5.1.4/CHANGELOG
+@@ -105,6 +105,7 @@
+ - fix concat_options() error handling.
+ - fix minus only option handling in concat_options().
+ - fix incorrect path for is_mounted() in try_remount().
++- fail on empty replicated host name.
+ 
+ xx/xx/2018 autofs-5.1.5
+ - fix flag file permission.
+--- autofs-5.1.4.orig/modules/parse_sun.c
++++ autofs-5.1.4/modules/parse_sun.c
+@@ -924,6 +924,12 @@ static int validate_location(unsigned in
+ 	if (*ptr == ':')
+ 		return 1;
+ 
++	/* Fail on replicated entry with empty first host name */
++	if (*ptr == ',') {
++		error(logopt, "missing first host name in location %s", loc);
++		return 0;
++	}
++
+ 	/*
+ 	 * If a ':/' is present now it must be a host name, except
+ 	 * for those special file systems like sshfs which use "#"
+@@ -960,6 +966,18 @@ static int validate_location(unsigned in
+ 				      "found in location %s", *ptr, loc);
+ 				return 0;
+ 			}
++
++			/* Fail on replicated entry with empty host name */
++			if (*ptr == ',') {
++				char next = *(ptr + 1);
++
++				if (next == ',' || next == ':') {
++					error(logopt,
++					      "missing host name in location %s", loc);
++					return 0;
++				}
++			}
++
+ 			ptr++;
+ 		}
+ 
diff --git a/autofs.spec b/autofs.spec
index 0021f54..9a80950 100644
--- a/autofs.spec
+++ b/autofs.spec
@@ -8,7 +8,7 @@
 Summary: A tool for automatically mounting and unmounting filesystems
 Name: autofs
 Version: 5.1.4
-Release: 91%{?dist}
+Release: 92%{?dist}
 Epoch: 1
 License: GPLv2+
 Group: System Environment/Daemons
@@ -277,6 +277,7 @@ Patch248: autofs-5.1.8-fix-memory-leak-in-update_hosts_mounts.patch
 Patch249: autofs-5.1.7-fix-concat_options-error-handling.patch
 Patch250: autofs-5.1.8-fix-minus-only-option-handling-in-concat_options.patch
 Patch251: autofs-5.1.8-fix-incorrect-path-for-is_mounted-in-try_remount.patch
+Patch252: autofs-5.1.8-fail-on-empty-replicated-host-name.patch
 
 %if %{with_systemd}
 BuildRequires: systemd-units
@@ -595,6 +596,7 @@ echo %{version}-%{release} > .version
 %patch249 -p1
 %patch250 -p1
 %patch251 -p1
+%patch252 -p1
 
 %build
 LDFLAGS=-Wl,-z,now
@@ -690,6 +692,11 @@ fi
 %dir /etc/auto.master.d
 
 %changelog
+* Tue Jan 24 2023 Ian Kent <ikent@redhat.com> - 5.1.4-92
+- bz2161336 - Users can trigger a simple autofs DoS with wildcard automounter maps
+  - fail on empty trailing replicated host name.
+- Resolves: rhbz#2161336
+
 * Mon Dec 05 2022 Ian Kent <ikent@redhat.com> - 5.1.4-91
 - bz2148872 - autofs: errors in autofs-5.1.4-83.el8.x86_64 when restarting
   autofs with busy directories