diff --git a/src/tls13.c b/src/tls13.c
index 524b751b4..faef6bd95 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6073,6 +6073,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 
 case TLS_ASYNC_BUILD:
 {
+ int rem = ssl->buffers.outputBuffer.bufferSize
+ - ssl->buffers.outputBuffer.length
+ - RECORD_HEADER_SZ - HANDSHAKE_HEADER_SZ;
+
 /* idx is used to track verify pointer offset to output */
 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
 args->verify =
@@ -6092,6 +6096,10 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
 goto exit_scv;
 }
 
+ if (rem < 0 || args->length > rem) {
+ ERROR_OUT(BUFFER_E, exit_scv);
+ }
+
 if (args->length == 0) {
 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
 }
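Review bot: `rem` is declared `int` at the top of the TLS_ASYNC_BUILD case, but it is computed from `ssl->buffers.outputBuffer.bufferSize` and `ssl->buffers.outputBuffer.length`, whose types are not visible in this hunk. If those fields are unsigned, the subtraction wraps before it is narrowed to `int`, so the later `rem < 0` test relies on implementation-defined conversion and on the free space fitting in an `int`. Keeping the arithmetic in the fields' own type and rejecting the underflow case explicitly would be clearer, for example by first checking that `length + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ` does not exceed `bufferSize` and only then subtracting. A one-line comment such as `/* bytes left in the output buffer after the record and handshake headers */` above the declaration would also help; the enclosing function starts and ends outside the hunk.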
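Review bot: The bound added in the second hunk, `args->length > rem`, counts only the record and handshake headers as overhead, so bytes written between the handshake header and the signature are not covered. A TLS 1.3 CertificateVerify body begins with a 2-byte signature scheme and a 2-byte signature length; if this function emits them into the same output buffer (that code is outside the hunk), the check can pass while the message is still up to four bytes too large. Consider including that prefix, and any record-protection overhead applied afterwards, in the computation of `rem`. It is also worth confirming that `args->length` at this point is the maximum signature size rather than the key size, and saying so in a comment above the check.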