diff --git a/src/internal.c b/src/internal.c
index 52398e12..2f4753e9 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3763,6 +3763,12 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
         ret = GetUint32(&authData.authNameSz, buf, len, &begin);
     }
 
+    if (ret == WS_SUCCESS) {
+        if (authData.authNameSz > len - begin) {
+            ret = WS_BUFFER_E;
+        }
+    }
+
     if (ret == WS_SUCCESS) {
         authData.authName = buf + begin;
         begin += authData.authNameSz;