diff --git a/src/http_act.c b/src/http_act.c
index 57e390b3f..f982ce068 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -1511,11 +1511,15 @@ static enum act_return http_action_set_headers_bin(struct act_rule *rule, struct
 goto leave;
 }
+ if (sz > (uint64_t)(end - p))
+ goto fail_rewrite;
 n = ist2(p, sz);
 p += sz;
 if (decode_varint(&p, end, &sz) == -1)
 goto fail_rewrite;
+ if (sz > (uint64_t)(end - p))
+ goto fail_rewrite;
 v = ist2(p, sz);
 p += sz;
@@ -1935,6 +1939,8 @@ static enum act_return http_action_del_headers_bin(struct act_rule *rule, struct
 goto fail_rewrite;
 if (!sz)
 goto leave;
+ if (sz > (uint64_t)(end - p))
+ goto fail_rewrite;
 n = ist2(p, sz);
 p += sz;
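Review bot: The three new `if (sz > (uint64_t)(end - p))` guards (name and value in http_action_set_headers_bin(), name in http_action_del_headers_bin()) carry no comment saying what they protect. A reader cannot tell from the hunks that `sz` is a length decoded from the buffer itself and must be bounded before `ist2(p, sz)` and `p += sz`. I would put one line above each, e.g. `/* sz is decoded from the input: reject a length that runs past <end> */`. The cast to uint64_t is only sound while `p <= end`; a successful `decode_varint(&p, end, &sz)` presumably guarantees that, but its contract is not visible here, so it is worth confirming or stating in the comment. Both function bodies start and end outside the hunks, so I cannot see whether other length-prefixed reads in them need the same guard.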