diff --git a/debian/changelog b/debian/changelog
index 2223866..d470b3c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
-libssh2 (1.10.0-ok1) yangtze; urgency=low
+libssh2 (1.10.0-ok5) yangtze; urgency=low
 
-  * Initial release.
+  * CVE-2020-22218 安全更新：access out of bounds
+
+ -- suzijiu <981811971@qq.com>  Tue, 19 Dec 2023 22:38:48 +0800
 
- -- Luoyaoming <luoyaoming@kylinos.cn>  Fri, 09 Dec 2022 09:50:06 +0800
diff --git a/src/transport.c b/src/transport.c
index 17af3e4..1074fc2 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -472,7 +472,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
             /* Get a packet handle put data into. We get one to
                hold all data, including padding and MAC. */
             p->payload = LIBSSH2_ALLOC(session, total_num);
-            if(!p->payload) {
+            if(total_num == 0 || !p->payload) {
                 return LIBSSH2_ERROR_ALLOC;
             }
             p->total_num = total_num;