diff --git a/net-misc/curl/curl-7.74.0-r2.ebuild b/net-misc/curl/curl-7.74.0-r3.ebuild
similarity index 97%
rename from net-misc/curl/curl-7.74.0-r2.ebuild
rename to net-misc/curl/curl-7.74.0-r3.ebuild
index 073cde3..b855932 100644
--- a/net-misc/curl/curl-7.74.0-r2.ebuild
+++ b/net-misc/curl/curl-7.74.0-r3.ebuild
@@ -106,6 +106,10 @@
 	eapply "${FILESDIR}"/${PN}-respect-cflags-3.patch
 	eapply "${FILESDIR}"/${PN}-fix-gnutls-nettle.patch
 
+	# lakitu: apply upstream patch to resolve CVE-2021-22945
+	# https://github.com/curl/curl/commit/43157490a5054bd
+	eapply "${FILESDIR}"/${PN}-mqtt-clear-leftover-pointer-on-send-success.patch
+
 	sed -i '/LD_LIBRARY_PATH=/d' configure.ac || die #382241
 	sed -i '/CURL_MAC_CFLAGS/d' configure.ac || die #637252
 
diff --git a/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
new file mode 100644
index 0000000..c23a5f8
--- /dev/null
+++ b/net-misc/curl/files/curl-mqtt-clear-leftover-pointer-on-send-success.patch
@@ -0,0 +1,15 @@
+diff --git a/lib/mqtt.c b/lib/mqtt.c
+index e324ec3dd..edcd6d72c 100644
+--- a/lib/mqtt.c
++++ b/lib/mqtt.c
+@@ -124,6 +124,10 @@ static CURLcode mqtt_send(struct connectdata *conn,
+     mq->sendleftovers = sendleftovers;
+     mq->nsend = nsend;
+   }
++  else {
++    mq->sendleftovers = NULL;
++    mq->nsend = 0;
++  }
+   return result;
+ }
+