diff --git a/SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch b/SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
new file mode 100644
index 0000000..ba077f8
--- /dev/null
+++ b/SOURCES/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
@@ -0,0 +1,54 @@
+From 49923ccb2143e36850bcdeb781e2bcdf5ce22f15 Mon Sep 17 00:00:00 2001
+From: John Hawthorn <john@hawthorn.email>
+Date: Wed, 2 Mar 2022 14:17:59 -0800
+Subject: [PATCH] Check need < buf->used
+
+We're guaranteed a power of 2 so that this becomes 0, but we might as
+well use a check for overflow that works in more cases.
+
+Unsigned integer overflow is defined behaviour, so this should be safe.
+
+(cherry picked from commit 36410d536b676e836637bb20574a56ebc920eb83)
+---
+ src/yajl_buf.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/yajl_buf.c b/src/yajl_buf.c
+index 1aeafde0..8bd1bea7 100644
+--- a/src/yajl_buf.c
++++ b/src/yajl_buf.c
+@@ -30,7 +30,7 @@ struct yajl_buf_t {
+ };
+ 
+ static
+-void yajl_buf_ensure_available(yajl_buf buf, size_t want)
++int yajl_buf_ensure_available(yajl_buf buf, size_t want)
+ {
+     size_t need;
+     
+@@ -46,11 +46,15 @@ void yajl_buf_ensure_available(yajl_buf buf, size_t want)
+     need = buf->len;
+ 
+     while (want >= (need - buf->used)) need <<= 1;
++    if (need < buf->used) {
++         return -1;
++    }
+ 
+     if (need != buf->len) {
+         buf->data = (unsigned char *) YA_REALLOC(buf->alloc, buf->data, need);
+         buf->len = need;
+     }
++    return 0;
+ }
+ 
+ yajl_buf yajl_buf_alloc(yajl_alloc_funcs * alloc)
+@@ -70,7 +74,8 @@ void yajl_buf_free(yajl_buf buf)
+ 
+ void yajl_buf_append(yajl_buf buf, const void * data, size_t len)
+ {
+-    yajl_buf_ensure_available(buf, len);
++    if (yajl_buf_ensure_available(buf, len))
++        return;
+     if (len > 0) {
+         assert(data != NULL);
+         memcpy(buf->data + buf->used, data, len);
diff --git a/SPECS/yajl.spec b/SPECS/yajl.spec
index 69bdf4d..878e3dc 100644
--- a/SPECS/yajl.spec
+++ b/SPECS/yajl.spec
@@ -3,7 +3,7 @@
 
 Name: yajl
 Version: 2.1.0
-Release: 20%{?dist}
+Release: 21%{?dist}
 Summary: Yet Another JSON Library (YAJL)
 
 License: ISC
@@ -23,6 +23,7 @@ Patch1: %{name}-%{version}-pkgconfig-location.patch
 Patch2: %{name}-%{version}-pkgconfig-includedir.patch
 Patch3: %{name}-%{version}-test-location.patch
 Patch4: %{name}-%{version}-dynlink-binaries.patch
+Patch5: https://github.com/containers/yajl/commit/49923ccb2143e36850bcdeb781e2bcdf5ce22f15.patch
 
 BuildRequires:  gcc
 BuildRequires: cmake
@@ -50,6 +51,7 @@ necessary for developing against the YAJL library
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 # NB, we are not using upstream's 'configure'/'make'
@@ -94,6 +96,10 @@ cd test
 
 
 %changelog
+* Tue Apr 26 2022 Jindrich Novy <jnovy@redhat.com> - 2.1.0-21
+- fix CVE-2022-24795
+- Related: #2061316
+
 * Fri Oct 01 2021 Jindrich Novy <jnovy@redhat.com> - 2.1.0-20
 - perform only sanity/installability tests for now
 - Related: #2000051