diff --git a/CHANGELOG b/CHANGELOG
index ca81a624..34d64a8d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -51,6 +51,10 @@ HISTORY ++ Bugfixes: + 2008-10-18 Simon Goldschmidt + * tcp_in.c: fixed bug ##24596: Vulnerability on faulty TCP options length + in tcp_parseopt + 2008-10-15 Simon Goldschmidt * ip_frag.c: fixed bug #24517: IP reassembly crashes on unaligned IP headers by packing the struct ip_reass_helper.
diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
index 070ec7f4..765ac466 100644
--- a/src/core/tcp_in.c
+++ b/src/core/tcp_in.c
@@ -1308,7 +1308,7 @@ tcp_receive(struct tcp_pcb *pcb)
 static void
 tcp_parseopt(struct tcp_pcb *pcb)
 {
- u8_t c;
+ u16_t c;
 u8_t *opts, opt;
 u16_t mss;
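Review bot: The widened declaration `u16_t c;` in tcp_parseopt has no comment saying why the index must be 16 bits, so a later cleanup could narrow it back to `u8_t` and reintroduce the faulty-options-length bug the CHANGELOG entry cites. I would write it as `u16_t c; /* offset into opts; wider than u8_t so adding an option length cannot wrap */`. The body of tcp_parseopt continues outside this hunk, so the following is inferred rather than seen: a wider counter presumably stops wrap-around, but it does not by itself bound each option's length to the option area of the header. It is worth confirming that the loop rejects a length byte that is zero or runs past the end of the options before it indexes `opts` again, and that a segment with malformed options is dropped rather than partially parsed.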