diff --git a/src/internal.c b/src/internal.c
index c971a87..1e76ad6 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3886,18 +3886,35 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 if (ret == WS_SUCCESS) ret = GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
+ if (ret == WS_SUCCESS) {
+ if (pk->publicKeyTypeSz > len - begin) {
+ ret = WS_BUFFER_E;
+ }
+ }
+
 if (ret == WS_SUCCESS) {
 pk->publicKeyType = buf + begin;
 begin += pk->publicKeyTypeSz;
 ret = GetUint32(&pk->publicKeySz, buf, len, &begin);
 }
+ if (ret == WS_SUCCESS) {
+ if (pk->publicKeySz > len - begin) {
+ ret = WS_BUFFER_E;
+ }
+ }
+
 if (ret == WS_SUCCESS) {
 pk->publicKey = buf + begin;
 begin += pk->publicKeySz;
 if (pk->hasSignature) {
 ret = GetUint32(&pk->signatureSz, buf, len, &begin);
+ if (ret == WS_SUCCESS) {
+ if (pk->signatureSz > len - begin) {
+ ret = WS_BUFFER_E;
+ }
+ }
 if (ret == WS_SUCCESS) {
 pk->signature = buf + begin;
 begin += pk->signatureSz;
@@ -4043,6 +4060,12 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
 ret = GetUint32(&authData.usernameSz, buf, len, &begin);
 }
+ if (ret == WS_SUCCESS) {
+ if (authData.usernameSz > len - begin) {
+ ret = WS_BUFFER_E;
+ }
+ }
+
 if (ret == WS_SUCCESS) {
 authData.username = buf + begin;
 begin += authData.usernameSz;
@@ -4050,6 +4073,12 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
 ret = GetUint32(&authData.serviceNameSz, buf, len, &begin);
 }
+ if (ret == WS_SUCCESS) {
+ if (authData.serviceNameSz > len - begin) {
+ ret = WS_BUFFER_E;
+ }
+ }
+
 if (ret == WS_SUCCESS) {
 authData.serviceName = buf + begin;
 begin += authData.serviceNameSz;
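Review bot: The read-length / compare-with-`len - begin` / take-pointer sequence is now open-coded five times: three in the DoUserAuthRequestPublicKey hunk and once each in the two DoUserAuthRequest hunks, so the next length-prefixed field added to these parsers can miss the check again. Folding the three steps into one static helper puts the bound in a single place. The comparison is unsigned, so it is only sound while `begin <= len`; that presumably holds after a successful GetUint32 (its body is not visible here), and the helper can state it explicitly. The sketch below uses a placeholder helper name and parameter types guessed from usage; DoUserAuthRequestPublicKey starts and ends outside the hunk.

```c
/* PLACEHOLDER name; match the const-ness of buf and of the out pointer
 * to the struct fields it is used with.
 * Reads a uint32 length at *idx, then hands back a pointer to that many
 * bytes inside buf, or WS_BUFFER_E if the declared length runs past len. */
static int GetBoundedStringRef(word32* sz, const byte** ref,
        const byte* buf, word32 len, word32* idx)
{
    int ret = GetUint32(sz, buf, len, idx);

    if (ret == WS_SUCCESS) {
        /* unsigned math: reject idx past len before subtracting */
        if (*idx > len || *sz > len - *idx) {
            ret = WS_BUFFER_E;
        }
        else {
            *ref = buf + *idx;
            *idx += *sz;
        }
    }

    return ret;
}

/* … unchanged: earlier fields of DoUserAuthRequestPublicKey … */
    if (ret == WS_SUCCESS)
        ret = GetBoundedStringRef(&pk->publicKeyTypeSz, &pk->publicKeyType,
                buf, len, &begin);
```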
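Review bot: The service-name check in the last hunk is the final bound visible in DoUserAuthRequest, and the function continues past the end of that hunk, so whether the next field is covered cannot be seen here. In an SSH userauth request the method-name string follows the service name (RFC 4252), so it is worth confirming that its length gets the same `> len - begin` rejection before `buf + begin` is stored. The diff touches only src/internal.c; a regression test that sends a username or service-name length larger than the remaining payload and expects `WS_BUFFER_E` would keep these checks from being dropped later.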