diff --git a/package/iproute2/0001-nstat-NULL-Dereference-when-no-entries-specified.patch b/package/iproute2/0001-nstat-NULL-Dereference-when-no-entries-specified.patch
new file mode 100644
index 0000000000..9b5e727fe3
--- /dev/null
+++ b/package/iproute2/0001-nstat-NULL-Dereference-when-no-entries-specified.patch
@@ -0,0 +1,36 @@
+From 866e1d107b7de68ca1fcd1d4d5ffecf9d96bff30 Mon Sep 17 00:00:00 2001
+From: ZiAo Li <23110240084@m.fudan.edu.cn>
+Date: Wed, 9 Apr 2025 23:03:30 +0800
+Subject: [PATCH] nstat: NULL Dereference when no entries specified
+
+The NULL Pointer Dereference vulnerability happens in load_ugly_table(), misc/nstat.c, in the latest version of iproute2.
+The vulnerability can be triggered by:
+1. db is set to NULL at struct nstat_ent *db = NULL;
+2. n is set to NULL at n = db;
+3. NULL dereference of variable n happens at sscanf(p+1, "%llu", &n->val) != 1
+
+Signed-off-by: ZiAo Li <23110240084@m.fudan.edu.cn>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Upstream: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=866e1d107b7de68ca1fcd1d4d5ffecf9d96bff30
+---
+ misc/nstat.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/misc/nstat.c b/misc/nstat.c
+index fce3e9c1..b2e19bde 100644
+--- a/misc/nstat.c
++++ b/misc/nstat.c
+@@ -218,6 +218,10 @@ static void load_ugly_table(FILE *fp)
+ 			p = next;
+ 		}
+ 		n = db;
++		if (n == NULL) {
++			fprintf(stderr, "Error: Invalid input – line has ':' but no entries. Add values after ':'.\n");
++			exit(-2);
++		}
+ 		nread = getline(&buf, &buflen, fp);
+ 		if (nread == -1) {
+ 			fprintf(stderr, "%s:%d: error parsing history file\n",
+-- 
+2.49.0
+