diff --git a/0005-avoid-read-heap-buffer-overflow-332.patch b/0005-avoid-read-heap-buffer-overflow-332.patch
new file mode 100644
index 0000000..36d399f
--- /dev/null
+++ b/0005-avoid-read-heap-buffer-overflow-332.patch
@@ -0,0 +1,30 @@
+From 65f83b8bf15a128524ef5fe26e1f1e219ee9b872 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 1 Sep 2023 20:00:12 +0200
+Subject: [PATCH] avoid read-heap-buffer-overflow (#332)
+
+Fix invalid read in ares_parse_soa_reply.c found during fuzzing
+
+Fixes Bug: #333
+Fix By: lutianxiong (@ltx2018)
+---
+ ares_parse_soa_reply.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ares_parse_soa_reply.c b/ares_parse_soa_reply.c
+index 35af0a7..5924bbc 100644
+--- a/ares_parse_soa_reply.c
++++ b/ares_parse_soa_reply.c
+@@ -65,6 +65,9 @@ ares_parse_soa_reply(const unsigned char *abuf, int alen,
+   status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len);
+   if (status != ARES_SUCCESS)
+     goto failed_stat;
++
++  if (alen <= len + HFIXEDSZ + 1)
++    goto failed;
+   aptr += len;
+ 
+   /* skip qtype & qclass */
+-- 
+2.38.1
+
diff --git a/c-ares.spec b/c-ares.spec
index 080773b..abb01d2 100644
--- a/c-ares.spec
+++ b/c-ares.spec
@@ -1,7 +1,7 @@
 Summary: A library that performs asynchronous DNS operations
 Name: c-ares
 Version: 1.13.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: MIT
 Group: System Environment/Libraries
 URL: http://c-ares.haxx.se/
@@ -12,6 +12,7 @@ Patch0: 0001-Use-RPM-compiler-options.patch
 Patch1: 0002-fix-CVE-2021-3672.patch
 Patch2: 0003-Add-str-len-check-in-config_sortlist-to-avoid-stack-.patch
 Patch3: 0004-Merge-pull-request-from-GHSA-9g78-jv2r-p7vc.patch
+Patch4: 0005-avoid-read-heap-buffer-overflow-332.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -40,6 +41,7 @@ compile applications or shared objects that use c-ares.
 %patch1 -p1 -b .dns
 %patch2 -p1 -b .sortlist
 %patch3 -p1 -b .udp
+%patch4 -p1 -b .buffer
 
 cp %{SOURCE1} .
 f=CHANGES ; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
@@ -78,6 +80,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man3/ares_*
 
 %changelog
+* Fri Sep  8 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-9
+- Resolves: rhbz#2235805 - read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8]
+
 * Mon May 29 2023 Alexey Tikhonov <atikhono@redhat.com> - 1.13.0-8
 - Resolves: rhbz#2209517 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service [rhel-8.9.0]