diff --git a/library/x509_create.c b/library/x509_create.c
index 50db95688ff0c18681e959febab3a2f68dfc9590..28c1de74b16ec78adf00cf31d209b82d5ce19e14 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -203,6 +203,9 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid,
                                int critical, const unsigned char *val, size_t val_len)
 {
     mbedtls_asn1_named_data *cur;
+    if (val_len > (SIZE_MAX  - 1)) {
+        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+    }
 
     if ((cur = mbedtls_asn1_store_named_data(head, oid, oid_len,
                                              NULL, val_len + 1)) == NULL) {