diff --git a/SPECS/bind/CVE-2020-8625.patch b/SPECS/bind/CVE-2020-8625.patch
new file mode 100644
index 0000000000..7e63939c14
--- /dev/null
+++ b/SPECS/bind/CVE-2020-8625.patch
@@ -0,0 +1,12 @@
+diff -urN bind-9.16.3-original/lib/dns/spnego.c bind-9.16.3/lib/dns/spnego.c
+--- bind-9.16.3-original/lib/dns/spnego.c 2021-03-01 08:56:47.639826977 -0800
++++ bind-9.16.3/lib/dns/spnego.c 2021-03-01 08:58:57.223786168 -0800
+@@ -842,7 +842,7 @@
+ return (ASN1_OVERRUN);
+ }
+ 
+- data->components = malloc(len * sizeof(*data->components));
++ data->components = malloc((len + 1) * sizeof(*data->components));
+ if (data->components == NULL) {
+ return (ENOMEM);
+ }
diff --git a/SPECS/bind/bind.spec b/SPECS/bind/bind.spec
index 40796f3a23..1b2ca9cb53 100644
--- a/SPECS/bind/bind.spec
+++ b/SPECS/bind/bind.spec
@@ -1,7 +1,7 @@
 Summary: Domain Name System software
 Name: bind
 Version: 9.16.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: ISC
 URL: https://www.isc.org/downloads/bind/
 Source0: https://ftp.isc.org/isc/bind9/%{version}/%{name}-%{version}.tar.xz
@@ -15,6 +15,7 @@ Patch5: CVE-2020-8622.patch
 # CVE-2020-8623 only impacts package built with "--enable-native-pkcs11"
 Patch6: CVE-2020-8623.nopatch
 Patch7: CVE-2020-8624.patch
+Patch8: CVE-2020-8625.patch
 Group: Development/Tools
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -93,6 +94,8 @@ fi
 %{_prefix}/lib/tmpfiles.d/named.conf
 %changelog
+* Mon Mar 01 2021 Nicolas Guibourge - 9.16.3-3
+- Fixes CVE-2020-8625
 * Fri Sep 11 2020 Ruying Chen - 9.16.3-2
 - Fixes CVE-2020-8618, CVE-2020-8619, CVE-2020-8620,
 - CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
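Review bot: In `SPECS/bind/CVE-2020-8625.patch`, the new allocation size `(len + 1) * sizeof(*data->components)` has no visible overflow guard. The check that returns `ASN1_OVERRUN` starts above the embedded hunk, so whether it bounds `len` cannot be confirmed from here. If it does not, a guard before the `malloc` such as `if (len > SIZE_MAX / sizeof(*data->components) - 1) return (ASN1_OVERRUN);` would keep the size from wrapping into an undersized buffer. The `+ 1` also deserves a short comment, e.g. `/* decoding can produce one more component than len; reserve room for it */`, which is presumably the reason and should be confirmed against the decode loop outside the hunk. The patch file also has no header naming the upstream commit or advisory, which a later reader would need to check that this one line is the complete fix.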
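Review bot: In `SPECS/bind/bind.spec`, `Patch8: CVE-2020-8625.patch` is declared, but no hunk in this diff touches `%prep`, so it is not visible whether the patch is ever applied. If `%prep` uses explicit `%patchN` lines rather than `%autosetup`, a matching `%patch8 -p1` line is needed; without it the fix ships in the source package but is never applied to `lib/dns/spnego.c`. This is worth confirming from the build log, since the release bump and the changelog entry already state the CVE as fixed.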