diff --git a/openldap-nss-null-pointer.patch b/openldap-nss-null-pointer.patch
new file mode 100644
index 0000000..7a7ec62
--- /dev/null
+++ b/openldap-nss-null-pointer.patch
@@ -0,0 +1,25 @@
+fix: Possible null pointer dereference introduced when adding NSS full non-blocking semantics
+
+Resolves: #684035 (RHEL)
+Upstream ITS: #6863
+
+--- openldap-2.4.24.orig/libraries/libldap/tls_m.c
++++ openldap-2.4.24/libraries/libldap/tls_m.c
+@@ -2272,7 +2272,7 @@
+ 	}
+ 
+ 	if ( p->firsttag == LBER_SEQUENCE ) {
+-		if ( *thebyte ) {
++		if ( thebyte ) {
+ 			*thebyte = p->firsttag;
+ 		}
+ 		return 1;
+@@ -2769,7 +2769,7 @@
+ 	struct tls_data		*p;
+  	p = tlsm_get_pvt_tls_data( fd );
+ 
+-	if ( !data ) {
++	if ( p == NULL || data == NULL ) {
+ 		return PR_FAILURE;
+ 	}
+ 
diff --git a/openldap.spec b/openldap.spec
index a4017bb..ccf9cde 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -29,6 +29,7 @@ Patch6: openldap-smbk5pwd-overlay.patch
 Patch7: openldap-ldaprc-currentdir.patch
 Patch8: openldap-userconfig-setgid.patch
 Patch9: openldap-nss-nofork.patch
+Patch10: openldap-nss-null-pointer.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -130,6 +131,7 @@ pushd openldap-%{version}
 %patch7 -p1 -b .ldaprc-currentdir
 %patch8 -p1 -b .userconfig-setgid
 %patch9 -p1 -b .nss-nofork
+%patch10 -p1 -b .nss-null-pointer
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
diff --git a/series b/series
index dc748f6..86e8280 100644
--- a/series
+++ b/series
@@ -8,4 +8,5 @@ openldap-smbk5pwd-overlay.patch
 openldap-ldaprc-currentdir.patch
 openldap-userconfig-setgid.patch
 openldap-nss-nofork.patch
+openldap-nss-null-pointer.patch
 openldap-evolution-ntlm.patch