diff --git a/cyrus-imapd-CVE-2021-33582.patch b/cyrus-imapd-CVE-2021-33582.patch
new file mode 100644
index 0000000..055f2d4
--- /dev/null
+++ b/cyrus-imapd-CVE-2021-33582.patch
@@ -0,0 +1,170 @@
+diff --git a/imap/http_dav.c b/imap/http_dav.c
+index d5f7c114a2..abc6da42ca 100644
+--- a/imap/http_dav.c
++++ b/imap/http_dav.c
+@@ -6108,7 +6108,7 @@ EXPORTED int meth_propfind(struct transaction_t *txn, void *params)
+     xmlDocPtr indoc = NULL, outdoc = NULL;
+     xmlNodePtr root, cur = NULL, props = NULL;
+     xmlNsPtr ns[NUM_NAMESPACE];
+-    struct hash_table ns_table = { 0, NULL, NULL };
++    struct hash_table ns_table = HASH_TABLE_INITIALIZER;
+     struct propfind_ctx fctx;
+ 
+     memset(&fctx, 0, sizeof(struct propfind_ctx));
+@@ -8083,7 +8083,7 @@ int meth_report(struct transaction_t *txn, void *params)
+     xmlNodePtr inroot = NULL, outroot = NULL, cur, prop = NULL, props = NULL;
+     const struct report_type_t *report = NULL;
+     xmlNsPtr ns[NUM_NAMESPACE];
+-    struct hash_table ns_table = { 0, NULL, NULL };
++    struct hash_table ns_table = HASH_TABLE_INITIALIZER;
+     struct propfind_ctx fctx;
+ 
+     memset(&fctx, 0, sizeof(struct propfind_ctx));
+diff --git a/imap/jmap_mail.c b/imap/jmap_mail.c
+index 7f2d9cb563..84845d273b 100644
+--- a/imap/jmap_mail.c
++++ b/imap/jmap_mail.c
+@@ -4334,7 +4334,7 @@ static void _email_querychanges_collapsed(jmap_req_t *req,
+     memset(&touched_ids, 0, sizeof(hash_table));
+     construct_hash_table(&touched_ids, mdcount + 1, 0);
+ 
+-    hashu64_table touched_cids = HASH_TABLE_INITIALIZER;
++    hashu64_table touched_cids = HASHU64_TABLE_INITIALIZER;
+     memset(&touched_cids, 0, sizeof(hashu64_table));
+     construct_hashu64_table(&touched_cids, mdcount + 1, 0);
+ 
+diff --git a/lib/hash.c b/lib/hash.c
+index 639b6997e6..593f1bf968 100644
+--- a/lib/hash.c
++++ b/lib/hash.c
+@@ -43,10 +43,11 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
+       assert(table);
+       assert(size);
+ 
+-      table->size  = size;
++      table->size = size;
++      table->seed = rand(); /* might be zero, that's okay */
+ 
+       /* Allocate the table -- different for using memory pools and not */
+-      if(use_mpool) {
++      if (use_mpool) {
+           /* Allocate an initial memory pool for 32 byte keys + the hash table
+            * + the buckets themselves */
+           table->pool =
+@@ -72,7 +73,7 @@ EXPORTED hash_table *construct_hash_table(hash_table *table, size_t size, int us
+ 
+ EXPORTED void *hash_insert(const char *key, void *data, hash_table *table)
+ {
+-      unsigned val = strhash(key) % table->size;
++      unsigned val = strhash_seeded(table->seed, key) % table->size;
+       bucket *ptr, *newptr;
+       bucket **prev;
+ 
+@@ -159,7 +160,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
+       if (!table->size)
+           return NULL;
+ 
+-      val = strhash(key) % table->size;
++      val = strhash_seeded(table->seed, key) % table->size;
+ 
+       if (!(table->table)[val])
+             return NULL;
+@@ -183,7 +184,7 @@ EXPORTED void *hash_lookup(const char *key, hash_table *table)
+  * since it will leak memory until you get rid of the entire hash table */
+ EXPORTED void *hash_del(const char *key, hash_table *table)
+ {
+-      unsigned val = strhash(key) % table->size;
++      unsigned val = strhash_seeded(table->seed, key) % table->size;
+       bucket *ptr, *last = NULL;
+ 
+       if (!(table->table)[val])
+diff --git a/lib/hash.h b/lib/hash.h
+index e49037d614..e476de77da 100644
+--- a/lib/hash.h
++++ b/lib/hash.h
+@@ -3,10 +3,11 @@
+ #define HASH__H
+ 
+ #include <stddef.h>           /* For size_t     */
++#include <stdint.h>
+ #include "mpool.h"
+ #include "strarray.h"
+ 
+-#define HASH_TABLE_INITIALIZER {0, NULL, NULL}
++#define HASH_TABLE_INITIALIZER {0, 0, NULL, NULL}
+ 
+ /*
+ ** A hash table consists of an array of these buckets.  Each bucket
+@@ -32,6 +33,7 @@ typedef struct bucket {
+ 
+ typedef struct hash_table {
+     size_t size;
++    uint32_t seed;
+     bucket **table;
+     struct mpool *pool;
+ } hash_table;
+diff --git a/lib/strhash.c b/lib/strhash.c
+index d7c1741d2a..1b3251db73 100644
+--- a/lib/strhash.c
++++ b/lib/strhash.c
+@@ -42,17 +42,32 @@
+ 
+ #include "config.h"
+ 
+-EXPORTED unsigned strhash(const char *string)
++#include "lib/strhash.h"
++
++/* The well-known djb2 algorithm (e.g. http://www.cse.yorku.ca/~oz/hash.html),
++ * with the addition of an optional seed to limit predictability.
++ *
++ * XXX return type 'unsigned' for back-compat to previous version, but
++ * XXX ought to be 'uint32_t'
++ */
++EXPORTED unsigned strhash_seeded_djb2(uint32_t seed, const char *string)
+ {
+-      unsigned ret_val = 0;
+-      int i;
++    const unsigned char *ustr = (const unsigned char *) string;
++    unsigned hash = 5381;
++    int c;
+ 
+-      while (*string)
+-      {
+-            i = (int) *string;
+-            ret_val ^= i;
+-            ret_val <<= 1;
+-            string ++;
+-      }
+-      return ret_val;
++    if (seed) {
++        /* treat the bytes of the seed as a prefix to the string */
++        unsigned i;
++        for (i = 0; i < sizeof seed; i++) {
++            c = seed & 0xff;
++            hash = ((hash << 5) + hash) ^ c;
++            seed >>= 8;
++        }
++    }
++
++    while ((c = *ustr++))
++        hash = ((hash << 5) + hash) ^ c;
++
++    return hash;
+ }
+diff --git a/lib/strhash.h b/lib/strhash.h
+index 34533fdffa..27339bb288 100644
+--- a/lib/strhash.h
++++ b/lib/strhash.h
+@@ -41,7 +41,11 @@
+  */
+ 
+ #ifndef _STRHASH_H_
++#include <stdint.h>
+ 
+-unsigned strhash(const char *string);
++unsigned strhash_seeded_djb2(uint32_t seed, const char *string);
++
++#define strhash(in)             strhash_seeded_djb2((0),  (in))
++#define strhash_seeded(sd, in)  strhash_seeded_djb2((sd), (in))
+ 
+ #endif /* _STRHASH_H_ */
diff --git a/cyrus-imapd.spec b/cyrus-imapd.spec
index b6bbef4..4d24884 100644
--- a/cyrus-imapd.spec
+++ b/cyrus-imapd.spec
@@ -14,7 +14,7 @@
 
 Name: cyrus-imapd
 Version: 3.4.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 
 
 %define ssl_pem_file_prefix /etc/pki/%name/%name
@@ -55,6 +55,7 @@ Patch2: patch-cyrus-rename-quota
 # https://github.com/cyrusimap/cyrus-imapd/issues/2629#issuecomment-456925909
 Patch4: patch-cyrus-perl-linking
 
+Patch5: cyrus-imapd-CVE-2021-33582.patch
 
 Source10: cyrus-imapd.logrotate
 Source11: cyrus-imapd.pam-config
@@ -660,6 +661,10 @@ getent passwd cyrus >/dev/null || /usr/sbin/useradd -c "Cyrus IMAP Server" -d /v
 
 
 %changelog
+* Wed Nov 03 2021 Martin Osvald <mosvald@redhat.com> - 3.4.1-5
+- Add fix for CVE-2021-33582
+- Resolves: #1994034
+
 * Mon Aug 23 2021 Pavel Zhukov <pzhukov@redhat.com> - 3.4.1-4
 - Drop tzdist module. Clients must use OS provided timezone info