new file mode 100644
@@ -0,0 +1,32 @@
+From 1a5fbefa59465bec80425add562bdb1d36ec8e23 Mon Sep 17 00:00:00 2001
+From: Denis Grigorev <d.grigorev@omp.ru>
+Date: Fri, 29 Dec 2023 13:30:04 +0300
+Subject: [PATCH] smsutil: Validate the length of the address field
+
+This addresses CVE-2023-4233.
+
+CVE: CVE-2023-4233
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=1a5fbefa59465bec]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ src/smsutil.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/smsutil.c b/src/smsutil.c
+index 5a12708..8dd2126 100644
+--- a/src/smsutil.c
++++ b/src/smsutil.c
+@@ -626,6 +626,9 @@ gboolean sms_decode_address_field(const unsigned char *pdu, int len,
+
+ if (!next_octet(pdu, len, offset, &addr_len))
+ return FALSE;
++ /* According to 23.040 9.1.2.5 Address-Length must not exceed 20 */
++ if (addr_len > 20)
++ return FALSE;
+
+ if (sc && addr_len == 0) {
+ out->address[0] = '\0';
+--
+2.40.0
@@ -13,6 +13,7 @@ SRC_URI = "\
file://0001-mbim-add-an-optional-TEMP_FAILURE_RETRY-macro-copy.patch \
file://0002-mbim-Fix-build-with-ell-0.39-by-restoring-unlikely-m.patch \
file://CVE-2023-4234.patch \
+ file://CVE-2023-4233.patch \
"
SRC_URI[sha256sum] = "c0b96d3013447ec2bcb74579bef90e4e59c68dbfa4b9c6fbce5d12401a43aac7"