diff --git a/glibc-fix-cve-2024-33599.patch b/glibc-fix-cve-2024-33599.patch
new file mode 100644
index 0000000..e0eb939
--- /dev/null
+++ b/glibc-fix-cve-2024-33599.patch
@@ -0,0 +1,37 @@
+From 87801a8fd06db1d654eea3e4f7626ff476a9bdaa Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 25 Apr 2024 15:00:45 +0200
+Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup
+ cache (bug 31677)
+
+Using alloca matches what other caches do.  The request length is
+bounded by MAXKEYLEN.
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+---
+ nscd/netgroupcache.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index 0c6e46f15c..f227dc7fa2 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+       = (struct indataset *) mempool_alloc (db,
+ 					    sizeof (*dataset) + req->key_len,
+ 					    1);
+-  struct indataset dataset_mem;
+   bool cacheable = true;
+   if (__glibc_unlikely (dataset == NULL))
+     {
+       cacheable = false;
+-      dataset = &dataset_mem;
++      /* The alloca is safe because nscd_run_worker verfies that
++	 key_len is not larger than MAXKEYLEN.  */
++      dataset = alloca (sizeof (*dataset) + req->key_len);
+     }
+ 
+   datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
+-- 
+2.44.0
+
diff --git a/glibc.changes b/glibc.changes
index 6f5b443..acad9d8 100644
--- a/glibc.changes
+++ b/glibc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Apr 29 17:42:43 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- glibc-fix-cve-2024-33599.patch: nscd: Stack-based buffer overflow in
+  netgroup cache (CVE-2024-33599, bsc#1223423)
+
 -------------------------------------------------------------------
 Thu Apr 18 07:55:49 UTC 2024 - Andreas Schwab <schwab@suse.de>
 
diff --git a/glibc.spec b/glibc.spec
index 8437610..ea086da 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -314,6 +314,8 @@ Patch1003:      sigisemptyset.patch
 Patch1004:      stdbit-builtins.patch
 # PATCH-FIX-UPSTREAM iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
 Patch1005:      iconv-iso-2022-cn-ext.patch
+# PATCH-FIX-UPSTREAM: CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache
+Patch1006:      glibc-fix-cve-2024-33599.patch
 %endif
 
 ###