diff --git a/src/ssl.c b/src/ssl.c
index 95fc7e37b..36acaaac2 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -40280,6 +40280,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
                 WOLFSSL_MSG("Serial size error");
                 return WOLFSSL_FAILURE;
             }
+            if (sizeof(cert->serial) < serialSz) {
+                WOLFSSL_MSG("Serial buffer too small");
+                return BUFFER_E;
+            }
             XMEMCPY(cert->serial, serial, serialSz);
             cert->serialSz = serialSz;
         #else