diff --git a/CHANGES b/CHANGES
index f701245358..12f16ff08b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4.2.0-dev.54 | 2021-07-29 13:23:51 -0700
+
+ * GH-1692: Add some safety to ASN's binary_to_int64 to avoid bad shifts (Tim Wojtulewicz, Corelight)
+
 4.2.0-dev.50 | 2021-07-27 09:36:13 -0700
 
 * Fix a use-after-free during shutdown (Tim Wojtulewicz, Corelight)
diff --git a/VERSION b/VERSION
index d843d69b51..27ba269bfb 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.2.0-dev.50
+4.2.0-dev.54
diff --git a/src/analyzer/protocol/asn1/asn1.pac b/src/analyzer/protocol/asn1/asn1.pac
index d28e531ad2..35a27e88ba 100644
--- a/src/analyzer/protocol/asn1/asn1.pac
+++ b/src/analyzer/protocol/asn1/asn1.pac
@@ -87,10 +87,18 @@ type Array = record {
 
 ############################## ASN.1 Conversion Functions
 
+# Converts an 8-byte string into an int64. If this string is longer than
+# 8 bytes, it reports a weird and returns zero.
 function binary_to_int64(bs: bytestring): int64
 %{
 int64 rval = 0;
 
+ if ( bs.length() > 8 )
+ {
+ zeek::reporter->Weird("asn_binary_to_int64_shift_too_large", zeek::util::fmt("%d", bs.length()));
+ return 0;
+ }
+
 for ( int i = 0; i < bs.length(); ++i )
 {
 uint64 byte = bs[i];
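Review bot: The early `return 0;` in the new `bs.length() > 8` guard of binary_to_int64 hands callers a value they cannot tell apart from a legitimately decoded zero, so an over-long integer from the wire continues through the analyzer as 0. The only trace is the weird, and as called here it carries just the length; it appears to have no connection attached, which would make the event hard to attribute in the weird log. The added header comment also says "an 8-byte string", while the guard accepts any length up to 8. I would reword it along the lines of `# Converts a byte string of at most 8 bytes into an int64.` followed by `# Longer input raises the weird asn_binary_to_int64_shift_too_large and returns 0, which is indistinguishable from a decoded zero.` The function body continues past the end of the hunk, so the shift itself is not visible here.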