diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index fe031c619..ed557db70 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -14799,7 +14799,7 @@ static int GetEnumerated(const byte* input, word32* inOutIdx, int *value,
 return BUFFER_E;
 len = input[idx++];
- if (len > 4 || (int)len > sz)
+ if (len > 4 || (int)(len + idx) > sz)
 return ASN_PARSE_E;
 while (len--) {
@@ -14859,6 +14859,9 @@ static int DecodeSingleResponse(byte* source,
 if (GetSerialNumber(source, &idx, cs->serial, &cs->serialSz, size) < 0)
 return ASN_PARSE_E;
+ if ( idx >= size )
+ return BUFFER_E;
+
 /* CertStatus */
 switch (source[idx++]) {
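Review bot: The new bound in GetEnumerated, `(int)(len + idx) > sz`, adds two values that appear to be unsigned (`inOutIdx` is a `word32*`; the declarations of `len` and `idx` are outside the hunk) and only then casts the sum to `int`, so with a buffer size close to INT_MAX the result could turn negative and slip past the comparison. Because `len > 4` is rejected first, and provided the guard ending in `return BUFFER_E;` just above (its condition is not visible here) keeps idx within sz, comparing against the bytes that remain avoids the mixed-sign arithmetic: `if (len > 4 || len > (word32)sz - idx)`. A short comment such as `/* content octets must fit in what is left after the length byte */` would record why idx is part of the bound. The function body starts and ends outside the hunk.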
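Review bot: The guard added before `switch (source[idx++])` in DecodeSingleResponse has no comment saying which read it protects, and its spacing `if ( idx >= size )` differs from the `if (GetSerialNumber(` line directly above it. I would write it as `if (idx >= size)` with `/* need one byte for the CertStatus tag */` on the line before. The check covers only the tag byte consumed by the switch; the case bodies are outside the hunk, so whether each of them bounds its own reads against size cannot be confirmed from here.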