diff --git a/mongoose.c b/mongoose.c
index 5b24e4f907..745c068c31 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -15526,6 +15526,7 @@ static int mg_der_to_tlv(uint8_t *der, size_t dersz, struct mg_der_tlv *tlv) {
 tlv->value = der + 2;
 if (tlv->len > 0x7f) {
 uint32_t i, n = tlv->len - 0x80;
+ if (dersz < (size_t) (2 + n)) return -1;
 tlv->len = 0;
 for (i = 0; i < n; i++) {
 tlv->len = (tlv->len << 8) | (der[2 + i]);
diff --git a/src/tls_builtin.c b/src/tls_builtin.c
index 6d10728616..28c8b4ce50 100644
--- a/src/tls_builtin.c
+++ b/src/tls_builtin.c
@@ -249,6 +249,7 @@ static int mg_der_to_tlv(uint8_t *der, size_t dersz, struct mg_der_tlv *tlv) {
 tlv->value = der + 2;
 if (tlv->len > 0x7f) {
 uint32_t i, n = tlv->len - 0x80;
+ if (dersz < (size_t) (2 + n)) return -1;
 tlv->len = 0;
 for (i = 0; i < n; i++) {
 tlv->len = (tlv->len << 8) | (der[2 + i]);
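Review bot: The added guard in `mg_der_to_tlv` bounds the reads of `der[2 + i]`, but the octet count `n` itself is still unchecked, so a long-form length with more octets than `tlv->len` can hold is accepted and folded in by the shift loop. If `tlv->len` is a 32-bit field (its declaration is not visible here), every octet past the fourth shifts earlier bits out and the parsed length no longer matches the encoded one; `n == 0` (0x80, the indefinite form, which DER does not allow) also passes and yields a length of 0. Consider tightening the new line to `if (n == 0 || n > sizeof(tlv->len) || dersz < (size_t) (2 + n)) return -1;`. The same applies to the identical hunk in src/tls_builtin.c. The function body starts and ends outside both hunks, so whether a later check compares the final `tlv->len` against `dersz` cannot be confirmed from here.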