diff --git a/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch b/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4e7f379c16967d8c0cce49820cdcdceaf68ecfa5
--- /dev/null
+++ b/meta-ohos-staging/recipes-connectivity/openthread/wpantund/CVE-2021-33889.patch
@@ -0,0 +1,29 @@
+CVE: CVE-2021-33889
+Upstream-Status: Submitted [https://github.com/openthread/wpantund/pull/503]
+Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
+
+From 2b6f6c54bba3ab397f0e83f9d5e9faee905ac559 Mon Sep 17 00:00:00 2001
+From: dot11monk <mitisgod@gmail.com>
+Date: Mon, 28 Jun 2021 10:31:44 +0530
+Subject: [PATCH] Fixed stack-buffer-overflow in metric_len
+
+---
+ src/ncp-spinel/SpinelNCPInstance.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ncp-spinel/SpinelNCPInstance.cpp b/src/ncp-spinel/SpinelNCPInstance.cpp
+index e6d68ad..fee0f0a 100644
+--- a/src/ncp-spinel/SpinelNCPInstance.cpp
++++ b/src/ncp-spinel/SpinelNCPInstance.cpp
+@@ -2177,7 +2177,7 @@ unpack_link_metrics_as_val_map(const uint8_t *data_in, spinel_size_t data_len, V
+ 	spinel_ssize_t len;
+ 	uint8_t metric_type;
+ 	uint8_t *metric_ptr = NULL;
+-	uint16_t metric_len = 0;
++	uint32_t metric_len = 0;
+ 	int ret = kWPANTUNDStatus_Failure;
+ 
+ 	while (data_len > 0) {
+-- 
+2.31.1
+
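Review bot: The embedded fix hard-codes `uint32_t` for `metric_len`, which removes the overflow only as long as the unpack routine that fills it writes exactly 32 bits; that call is outside the hunk, so this is inferred from the patch subject. Declaring it as `spinel_size_t metric_len = 0;`, the type already used for `data_len` in this function's signature, would keep the local in step with the Spinel API if that typedef ever changes. It is also worth confirming that later uses of `metric_len` bound it against the remaining `data_len` before `metric_ptr` is read, since the loop body is not visible here. With `Upstream-Status: Submitted`, the patch should be dropped once the SRCREV includes the merged upstream change.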
diff --git a/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb b/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
index 2e94ec406e0dbff49e26426cec69671b1b52217b..f04e9860b259818df8b8cd53768ec8e899750723 100644
--- a/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
+++ b/meta-ohos-staging/recipes-connectivity/openthread/wpantund_git.bb
@@ -14,6 +14,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e7820bc7f7d1638a6b54fc2e8d7fb103 \
                     "
 
 SRC_URI = "gitsm://github.com/openthread/wpantund.git;protocol=https \
+           file://CVE-2021-33889.patch \
            "
 # CVE-2020-8916 has been fixed in commit
 # 3f108441e23e033b936e85be5b6877dd0a1fbf1c which is included in the SRCREV