diff --git a/backend.go b/backend.go
index a48b66f..1f14365 100644
--- a/backend.go
+++ b/backend.go
@@ -2,6 +2,7 @@ package pgproto3
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"io"
 )
@@ -114,6 +115,9 @@ func (b *Backend) Receive() (FrontendMessage, error) {
 		b.msgType = header[0]
 		b.bodyLen = int(binary.BigEndian.Uint32(header[1:])) - 4
 		b.partialMsg = true
+		if b.bodyLen < 0 {
+			return nil, errors.New("invalid message with negative body length received")
+		}
 	}
 
 	var msg FrontendMessage
diff --git a/frontend.go b/frontend.go
index f15a3e0..5be8de8 100644
--- a/frontend.go
+++ b/frontend.go
@@ -79,6 +79,9 @@ func (f *Frontend) Receive() (BackendMessage, error) {
 		f.msgType = header[0]
 		f.bodyLen = int(binary.BigEndian.Uint32(header[1:])) - 4
 		f.partialMsg = true
+		if f.bodyLen < 0 {
+			return nil, errors.New("invalid message with negative body length received")
+		}
 	}
 
 	msgBody, err := f.cr.Next(f.bodyLen)