diff --git a/CVE-2023-4016.patch b/CVE-2023-4016.patch
new file mode 100644
index 0000000..1124fe4
--- /dev/null
+++ b/CVE-2023-4016.patch
@@ -0,0 +1,102 @@
+From 2c933ecba3bb1d3041a5a7a53a7b4078a6003413 Mon Sep 17 00:00:00 2001
+From: Craig Small <csmall@dropbear.xyz>
+Date: Thu, 10 Aug 2023 21:18:38 +1000
+Subject: [PATCH] ps: Fix possible buffer overflow in -C option
+
+ps allocates memory using malloc(length of arg * len of struct).
+In certain strange circumstances, the arg length could be very large
+and the multiplecation will overflow, allocating a small amount of
+memory.
+
+Subsequent strncpy() will then write into unallocated memory.
+The fix is to use calloc. It's slower but this is a one-time
+allocation. Other malloc(x * y) calls have also been replaced
+by calloc(x, y)
+
+References:
+ https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
+ https://nvd.nist.gov/vuln/detail/CVE-2023-4016
+ https://gitlab.com/procps-ng/procps/-/issues/297
+ https://bugs.debian.org/1042887
+
+Signed-off-by: Craig Small <csmall@dropbear.xyz>
+---
+ ps/parser.c |   24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+--- ps/parser.c
++++ ps/parser.c	2023-08-15 12:19:13.375422122 +0000
+@@ -183,8 +183,7 @@ static const char *parse_list(const char
+   int need_item;
+   const char *err;       /* error code that could or did happen */
+   /*** prepare to operate ***/
+-  node = malloc(sizeof(selection_node));
+-  node->u = malloc(strlen(arg)*sizeof(sel_union)); /* waste is insignificant */
++  node = xmalloc(sizeof(selection_node));
+   node->n = 0;
+   buf = strdup(arg);
+   /*** sanity check and count items ***/
+@@ -205,6 +204,7 @@ static const char *parse_list(const char
+   } while (*++walk);
+   if(need_item) goto parse_error;
+   node->n = items;
++  node->u = xcalloc(items*sizeof(sel_union));
+   /*** actually parse the list ***/
+   walk = buf;
+   while(items--){
+@@ -569,8 +569,8 @@ static const char *parse_bsd_option(void
+       /* put our tty on a tiny list */
+       {
+         selection_node *node;
+-        node = malloc(sizeof(selection_node));
+-        node->u = malloc(sizeof(sel_union));
++        node = xmalloc(sizeof(selection_node));
++        node->u = xmalloc(sizeof(sel_union));
+         node->u[0].tty = cached_tty;
+         node->typecode = SEL_TTY;
+         node->n = 1;
+@@ -706,8 +706,8 @@ static const char *parse_bsd_option(void
+       if(!arg){
+         /* Wow, obsolete BSD syntax. Put our tty on a tiny list. */
+         selection_node *node;
+-        node = malloc(sizeof(selection_node));
+-        node->u = malloc(sizeof(sel_union));
++        node = xmalloc(sizeof(selection_node));
++        node->u = xmalloc(sizeof(sel_union));
+         node->u[0].tty = cached_tty;
+         node->typecode = SEL_TTY;
+         node->n = 1;
+@@ -1030,16 +1030,16 @@ static const char *parse_trailing_pids(v
+   argp = ps_argv + thisarg;
+   thisarg = ps_argc - 1;   /* we must be at the end now */
+ 
+-  pidnode = malloc(sizeof(selection_node));
+-  pidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  pidnode = xmalloc(sizeof(selection_node));
++  pidnode->u = xcalloc(i*sizeof(sel_union)); /* waste is insignificant */
+   pidnode->n = 0;
+ 
+-  grpnode = malloc(sizeof(selection_node));
+-  grpnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  grpnode = xmalloc(sizeof(selection_node));
++  grpnode->u = xcalloc(i*sizeof(sel_union)); /* waste is insignificant */
+   grpnode->n = 0;
+ 
+-  sidnode = malloc(sizeof(selection_node));
+-  sidnode->u = malloc(i*sizeof(sel_union)); /* waste is insignificant */
++  sidnode = xmalloc(sizeof(selection_node));
++  sidnode->u = xcalloc(i*sizeof(sel_union)); /* waste is insignificant */
+   sidnode->n = 0;
+ 
+   while(i--){
+--- proc/libprocps.sym
++++ proc/libprocps.sym	2023-08-15 12:43:18.905661726 +0000
+@@ -67,6 +67,8 @@ global:
+ 	unix_print_signals;
+ 	uptime;
+ 	xalloc_err_handler;
++	xcalloc;
++	xmalloc;
+ local:
+ 	*;
+ };
diff --git a/procps.changes b/procps.changes
index 266a1b2..e8de6cf 100644
--- a/procps.changes
+++ b/procps.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug 15 12:24:00 UTC 2023 - Dr. Werner Fink <werner@suse.de>
+
+- Add patch CVE-2023-4016.patch
+  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
+
 -------------------------------------------------------------------
 Tue Dec 27 13:14:52 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
 
diff --git a/procps.spec b/procps.spec
index 70be884..5d80fa1 100644
--- a/procps.spec
+++ b/procps.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package procps
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -64,6 +64,8 @@ Patch33:        procps-ng-3.3.11-pmap4suse.patch
 Patch34:        procps-3.3.17-bsc1181976.patch
 # PATCH-FIX-UPSTREAM -- bsc#1195468
 Patch35:        bsc1195468-23da4f40.patch
+# PATCH-FIX-UPSTREAM -- bsc#1214290
+Patch36:        CVE-2023-4016.patch
 # PATCH-BACKPORT-FROM-UPSTREAM -- bsc#1181475: 'free' command reports misleading "used" value
 Patch42:        procps-3.3.17-library-bsc1181475.patch
 Patch43:        procps-3.3.17-top-bsc1181475.patch
@@ -149,6 +151,7 @@ the process information pseudo-file system.
 %patch33 -b .pmap4us
 %patch34
 %patch35 -p1
+%patch36 -p0
 %patch42
 %patch43