new file mode 100644
@@ -0,0 +1,33 @@
+From ad19a059ec459552d9c4ba2ffa40e0cb2e7034bb Mon Sep 17 00:00:00 2001
+From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date: Thu, 25 Jun 2026 21:58:49 +0000
+Subject: [PATCH] Fix extension header parsing. Credit: Himanshu Anand
+
+CVE: CVE-2026-58058
+Upstream-Status: Backport [https://github.com/nmap/nmap/commit/bb6754e76bb1686315008e1aa1c40202a513fb83]
+
+(cherry picked from commit bb6754e76bb1686315008e1aa1c40202a513fb83)
+Signed-off-by: Deepak Rathore <deeratho@cisco.com>
+---
+ libnetutil/netutil.cc | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/libnetutil/netutil.cc b/libnetutil/netutil.cc
+index e11b3f103..4d26f3c41 100644
+--- a/libnetutil/netutil.cc
++++ b/libnetutil/netutil.cc
+@@ -687,11 +687,13 @@ static const void *ipv6_get_data_primitive(const struct ip6_hdr *ip6,
+ *nxt = ip6->ip6_nxt;
+ p += sizeof(*ip6);
+ while (p < end && ipv6_is_extension_header(*nxt)) {
+- if (p + 2 > end)
++ if (p + 8 > end)
+ return NULL;
+ *nxt = *p;
+ p += (*(p + 1) + 1) * 8;
+ }
++ if (p >= end)
++ return NULL;
+
+ *len = end - p;
+ if (upperlayer_only && !ipv6_is_upperlayer(*nxt))
@@ -12,6 +12,7 @@ SRC_URI = "http://nmap.org/dist/${BP}.tar.bz2 \
file://0002-Fix-building-with-libc.patch \
file://0003-Fix-off-by-one-overflow-in-the-IP-protocol-table.patch \
file://0001-fix-racing-between-build-ncat-and-build-lua.patch \
+ file://CVE-2026-58058.patch \
"
SRC_URI[sha256sum] = "e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778"