diff --git a/src/util-decode-der.c b/src/util-decode-der.c
index 67e7b0dda9..040e214b40 100644
--- a/src/util-decode-der.c
+++ b/src/util-decode-der.c
@@ -216,6 +216,12 @@ static Asn1Generic * DecodeAsn1DerGeneric(const unsigned char *buffer, uint32_t
              * sequence parsing will fail
              */
             child->length += (d_ptr - save_d_ptr);
+
+            if (child->length > max_size - (d_ptr - buffer)) {
+                SCFree(child);
+                return NULL;
+            }
+
             break;
     };
     if (child == NULL)