diff --git a/.httpd.metadata b/.httpd.metadata
new file mode 100644
index 0000000..a98ee9a
--- /dev/null
+++ b/.httpd.metadata
@@ -0,0 +1 @@
+4a38471de821288b0300148016f2b03dfee8adf2 httpd-2.4.37.tar.bz2
diff --git a/httpd-2.4.37-CVE-2023-31122.patch b/httpd-2.4.37-CVE-2023-31122.patch
new file mode 100644
index 0000000..c2aa207
--- /dev/null
+++ b/httpd-2.4.37-CVE-2023-31122.patch
@@ -0,0 +1,11 @@
+--- a/modules/core/mod_macro.c 2023/10/16 06:19:16 1912992
++++ b/modules/core/mod_macro.c 2023/10/16 06:38:32 1912993
+@@ -483,7 +483,7 @@
+ for (i = 0; i < contents->nelts; i++) {
+ const char *errmsg;
+ /* copy the line and substitute macro parameters */
+- strncpy(line, ((char **) contents->elts)[i], MAX_STRING_LEN - 1);
++ apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);
+ errmsg = substitute_macro_args(line, MAX_STRING_LEN,
+ macro, replacements, used);
+ if (errmsg) {
diff --git a/httpd.spec b/httpd.spec
index f49ab6a..2bc66fb 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@ Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.37
-Release: 63%{?dist}
+Release: 64%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source2: httpd.logrotate
@@ -256,6 +256,8 @@ Patch237: httpd-2.4.37-CVE-2022-36760.patch
 Patch238: httpd-2.4.37-CVE-2023-25690.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2176211
 Patch239: httpd-2.4.37-CVE-2023-27522.patch
+# https://issues.redhat.com/browse/RHEL-14448
+Patch240: httpd-2.4.37-CVE-2023-31122.patch
 License: ASL 2.0
 Group: System Environment/Daemons
@@ -481,6 +483,7 @@ interface for storing and accessing per-user session data.
 %patch237 -p1 -b .CVE-2022-36760
 %patch238 -p1 -b .CVE-2023-25690
 %patch239 -p1 -b .CVE-2023-27522
+%patch240 -p1 -b .CVE-2023-31122
 # Patch in the vendor string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -986,6 +989,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 %changelog
+* Fri Feb 16 2024 Joe Orton - 2.4.37-64
+- Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read
+ vulnerability (CVE-2023-31122)
+
 * Wed Feb 14 2024 Joe Orton - 2.4.37-63
 - mod_xml2enc: fix media type handling
 Resolves: RHEL-14321
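Review bot: The `apr_cpystrn` call in the new mod_macro.c hunk guarantees that `line` is NUL-terminated (closing the unterminated-buffer read that the old `strncpy(..., MAX_STRING_LEN - 1)` allowed), but it still truncates any macro body line of MAX_STRING_LEN-1 or more characters silently, so an over-long directive reaches `substitute_macro_args` with its tail dropped and no diagnostic. Because `apr_cpystrn` returns a pointer to the terminator it wrote, the copy can be checked in place with `const char *end = apr_cpystrn(line, ((char **) contents->elts)[i], MAX_STRING_LEN);` followed by `if (end - line >= MAX_STRING_LEN - 1) return "macro body line exceeds MAX_STRING_LEN";` — this presumes the enclosing function returns a `const char *` error string the way the `errmsg` path below it suggests, which the hunk does not show. Upstream's one-line change (r1912992→r1912993 per the patch header) does not add such a check either, so this is hardening beyond the backport rather than a gap in it. The `line` buffer and the function that owns it are declared outside the hunk, so the fix also relies on `line` really being `MAX_STRING_LEN` bytes; worth confirming in the surrounding 2.4.37 source when applying the patch.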