diff --git a/cyassl/error-ssl.h b/cyassl/error-ssl.h
index 74445b40c..1cfb2cca3 100644
--- a/cyassl/error-ssl.h
+++ b/cyassl/error-ssl.h
@@ -114,10 +114,11 @@ enum CyaSSL_ErrorCodes {
     CACHE_MATCH_ERROR       = -280,        /* chache hdr match error */
     UNKNOWN_SNI_HOST_NAME_E = -281,        /* Unrecognized host name Error */
     UNKNOWN_MAX_FRAG_LEN_E  = -282,        /* Unrecognized max frag len Error */
-    /* add strings to SetErrorString !!!!! */
     KEYUSE_SIGNATURE_E      = -283,        /* KeyUse digSignature error */
     KEYUSE_ENCIPHER_E       = -285,        /* KeyUse keyEncipher error */
     EXTKEYUSE_AUTH_E        = -286,        /* ExtKeyUse server|client_auth */
+    SEND_OOB_READ_E         = -287,        /* Send Cb out of bounds read */
+    /* add strings to SetErrorString !!!!! */
 
     /* begin negotiation parameter errors */
     UNSUPPORTED_SUITE       = -290,        /* unsupported cipher suite */
diff --git a/src/internal.c b/src/internal.c
index 68579aec3..d7740e0c1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2780,6 +2780,11 @@ int SendBuffered(CYASSL* ssl)
             return SOCKET_ERROR_E;
         }
 
+        if (sent > (int)ssl->buffers.outputBuffer.length) {
+            CYASSL_MSG("SendBuffered() out of bounds read");
+            return SEND_OOB_READ_E;
+        }
+
         ssl->buffers.outputBuffer.idx += sent;
         ssl->buffers.outputBuffer.length -= sent;
     }
@@ -6596,6 +6601,9 @@ const char* CyaSSL_ERR_reason_error_string(unsigned long e)
     case EXTKEYUSE_AUTH_E:
         return "Ext Key Use server/client auth not set Error";
 
+    case SEND_OOB_READ_E:
+        return "Send Callback Out of Bounds Read Error";
+
     default :
         return "unknown error number";
     }