diff --git a/ChangeLog b/ChangeLog
index 59f5c8e38..436b0708c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ Security
 * Fix potential stack overflow while parsing crafted X.509 certificates
 (TLS server is not affected if it doesn't ask for a client certificate)
 found using Codenomicon Defensics).
+ * Fix buffer overread of size 1 when parsing crafted X.509 certificates
+ (TLS server is not affected if it doesn't ask for a client certificate).
 Bugfix
 * Fix potential undefined behaviour in Camellia.
diff --git a/library/x509parse.c b/library/x509parse.c
index 9d62e9e4b..488ae8c36 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -193,6 +193,11 @@ static int x509_get_alg( unsigned char **p,
 return( POLARSSL_ERR_X509_CERT_INVALID_ALG + ret );
 end = *p + len;
+
+ if( len < 1 )
+ return( POLARSSL_ERR_X509_CERT_INVALID_ALG +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
 alg->tag = **p;
 if( ( ret = asn1_get_tag( p, end, &alg->len, ASN1_OID ) ) != 0 )
@@ -240,6 +245,11 @@ static int x509_get_attr_type_value( unsigned char **p,
 return( POLARSSL_ERR_X509_CERT_INVALID_NAME + ret );
 oid = &cur->oid;
+
+ if( len < 1 )
+ return( POLARSSL_ERR_X509_CERT_INVALID_NAME +
+ POLARSSL_ERR_ASN1_OUT_OF_DATA );
+
 oid->tag = **p;
 if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 6fbc91644..69fb9b161 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
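Review bot: In the x509_get_attr_type_value hunk the new `len < 1` guard covers only the empty-SEQUENCE case; nothing visible there narrows `end` to `*p + len` the way the x509_get_alg hunk does with `end = *p + len;`, so the OID parse that follows still appears to be bounded by the caller's buffer rather than by the attribute's declared length. If that holds for the rest of the function, an attribute whose inner lengths run past its own SEQUENCE would still be read into the next element, so it is worth confirming that the function checks `*p` against the SEQUENCE end once the value is parsed. Both guards also rely on the preceding `asn1_get_tag` call having validated `len` against the remaining buffer, and a short comment would make that explicit, for example `/* **p below reads the OID tag byte: reject an empty SEQUENCE first */`. Both functions start and end outside their hunks, so the bounding may already be handled in lines not shown.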
@@ -450,7 +450,7 @@ X509 Certificate ASN1 (TBSCertificate, issuer no inner set data)
 x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
 X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas)
-x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
+x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
 X509 Certificate ASN1 (TBSCertificate, issuer no oid data)
 x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":POLARSSL_ERR_X509_CERT_INVALID_NAME + POLARSSL_ERR_ASN1_OUT_OF_DATA
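Review bot: The updated expectation for "issuer two inner set datas" pins only the return code, and a one-byte overread does not change a return value, so this vector guards the fix only when the suite is run under a memory checker. In this vector the old code read the tag byte of the following element, which is still inside the buffer, so a case where the empty SEQUENCE is the last byte of the input would exercise the actual overread. No vector for the matching guard in x509_get_alg is visible in this hunk; if none exists elsewhere in the file, one with an empty AlgorithmIdentifier SEQUENCE would cover it. The switch from `POLARSSL_ERR_ASN1_UNEXPECTED_TAG` to `POLARSSL_ERR_ASN1_OUT_OF_DATA` is visible to callers that compare specific error codes and is not mentioned in the ChangeLog entry.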