diff --git a/SOURCES/openssl-1.0.2k-cve-2021-3712.patch b/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
index 43a1687..dfa10ca 100644
--- a/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
+++ b/SOURCES/openssl-1.0.2k-cve-2021-3712.patch
@@ -300,8 +300,8 @@ diff -up openssl-1.0.2k/crypto/x509v3/v3_utl.c.read-buff openssl-1.0.2k/crypto/x
 -    emtmp = BUF_strdup((char *)email->data);
 -    if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
 +    }
-+    if (sk_OPENSSL_STRING_push(*sk, emtmp)) {
-+        OPENSSL_free(emtmp);
++    if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
++        OPENSSL_free(emtmp); /* free on push failure */
          X509_email_free(*sk);
          *sk = NULL;
          return 0;
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 2c52b48..0b83f8c 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.2k
-Release: 23%{?dist}
+Release: 24%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -559,6 +559,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu Jan 13 2022 Sahana Prasad <sahana@redhat.com> 1.0.2k-24
+- Updates patch openssl-1.0.2k-cve-2021-3712.patch to only free on push failure.
+- Resolves: rhbz#2039993
+
 * Sat Nov 20 2021 Sahana Prasad <sahana@redhat.com> 1.0.2k-23
 - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
 - Resolves: rhbz#1996054