diff --git a/pkgs/tools/networking/keepalived/default.nix b/pkgs/tools/networking/keepalived/default.nix
index 2d6d9ad3de2..4e1894db98c 100644
--- a/pkgs/tools/networking/keepalived/default.nix
+++ b/pkgs/tools/networking/keepalived/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, libnfnetlink, libnl, net_snmp, openssl, pkgconfig }:
+{ stdenv, fetchFromGitHub, fetchpatch, libnfnetlink, libnl, net_snmp, openssl, pkgconfig }:
 
 stdenv.mkDerivation rec {
   pname = "keepalived";
@@ -11,6 +11,14 @@ stdenv.mkDerivation rec {
     sha256 = "12r80rcfxrys826flaqcdlfhcr7q4ccsd62ra1svy9545vf02qmx";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2018-19115.patch";
+      url = "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9.patch";
+      sha256 = "1jnwk7x4qdgv7fb4jzw6sihv62n8wv04myhgwm2vxn8nfkcgd1mm";
+    })
+  ];
+
   buildInputs = [
     libnfnetlink
     libnl