diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r7.ebuild b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild
similarity index 87%
rename from sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r7.ebuild
rename to sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild
index 1c36fc7add..140635d62d 100644
--- a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r7.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/bsdiff-4.3-r8.ebuild
@@ -18,8 +18,10 @@ RDEPEND="app-arch/bzip2"
 
 PATCHES=(
 "${FILESDIR}/${P}-CVE-2014-9862.patch"
- # Flatcar: Apply patch to change suffix sort to sais-lite
+ # Flatcar: Apply patch to change suffix sort to sais-lite, and
+ # to fix heap overflow vulnerability CVE-2020-14315.
 "${FILESDIR}/${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch"
+ "${FILESDIR}/${P}-CVE-2020-14315.patch"
 )
 
 src_compile() {
diff --git a/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch
new file mode 100644
index 0000000000..1ee302dca2
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/dev-util/bsdiff/files/bsdiff-4.3-CVE-2020-14315.patch
@@ -0,0 +1,22 @@
+--- a/bspatch.c 2021-01-11 15:53:32.642707355 +0100
++++ b/bspatch.c 2021-01-11 16:00:14.704637769 +0100
+@@ -35,6 +35,7 @@
+ #include
+ #include
+ #include
++#include
+ 
+ static off_t offtin(u_char *buf)
+ {
+@@ -152,8 +153,9 @@
+ };
+ 
+ /* Sanity-check */
+- if ((ctrl[0] < 0) || (ctrl[1] < 0))
+- errx(1,"Corrupt patch\n");
++ if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
++ ctrl[1] < 0 || ctrl[1] > INT_MAX)
++ errx(1, "Corrupt patch\n");
+ 
+ /* Sanity-check */
+ if(newpos+ctrl[0]>newsize)
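Review bot: The extended comment in `PATCHES` sits directly above the sais-lite entry, so it reads as if `${PV}_bsdiff-convert-to-sais-lite-suffix-sort.patch` also carries the CVE-2020-14315 fix, while the entry that does carry it is one line further down with no comment of its own. Keeping the original one-line comment and adding `# Flatcar: Fix heap overflow vulnerability CVE-2020-14315.` immediately above `"${FILESDIR}/${P}-CVE-2020-14315.patch"` lets an auditor map each CVE to exactly one file. The new patch file also starts straight at the `---` line with no header saying where the fix was taken from; a short origin line there would let it be re-checked against upstream later.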
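Review bot: The `INT_MAX` bound in the first sanity check only has an effect where `off_t` is wider than `int`, and the check that follows it, `if(newpos+ctrl[0]>newsize)`, is still a signed addition on values read from the patch file. On a build where `off_t` is 32 bits the new comparisons are always false and that addition can wrap, so the fix would not hold there; whether this package is built with 64-bit file offsets is not visible in the hunk. Writing the bound without the addition, `if (ctrl[0] > newsize - newpos)`, removes the dependency on the width of `off_t`, assuming `newpos` never exceeds `newsize`, which the loop outside this hunk would have to guarantee. Only `ctrl[0]` and `ctrl[1]` are bounded here, so any other control value read in the part of the function that is not shown should get the same range check.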