diff --git a/CHANGES b/CHANGES
index d9695a1168..98ae989420 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,25 @@
+3.2.0-dev.992 | 2020-07-27 11:36:53 -0700
+
+ * Fix potential NetbiosSSN analyzer stack overflow (Jon Siwek, Corelight)
+
+ The Contents_NetbiosSSN analyzer used a recursive message parsing
+ function that determined the size of the next message from the input
+ packet-data itself. A packet containing a sequence of many small
+ messages could cause a stack overflow since a recursion happened after
+ processing each message.
+
+ * Fix potential DNS analyzer stack overflow (Jon Siwek, Corelight)
+
+ The Contents_DNS analyzer used a recursive message parsing function that
+ determined the size of the next message from the input packet-data
+ itself. A packet containing a sequence of many small messages could
+ cause a stack overflow since a recursion happened after processing
+ each message.
+
+ Credit to OSS-Fuzz for discovery
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24272
+
 3.2.0-dev.988 | 2020-07-27 11:19:20 -0700
 * Update submodules to release versions in prep for release/3.2 branch (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index a6f45ed87d..5917b824da 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.2.0-dev.988
+3.2.0-dev.992
diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc
index 08d4fdc8a2..3f2360ed09 100644
--- a/src/analyzer/protocol/netbios/NetbiosSSN.cc
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc
@@ -358,6 +358,12 @@ void Contents_NetbiosSSN::Flush()
 }
 void Contents_NetbiosSSN::DeliverStream(int len, const u_char* data, bool orig)
+ {
+ while ( len > 0 )
+ ProcessChunk(len, data, orig);
+ }
+
+void Contents_NetbiosSSN::ProcessChunk(int& len, const u_char*& data, bool orig)
 {
 tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig);
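Review bot: The new `while ( len > 0 )` loop in DeliverStream terminates only if ProcessChunk shrinks `len` on every return path, but the only decrement visible in this commit is `len -= n` in the second NetbiosSSN.cc hunk, and the header-parsing states between the base-class DeliverStream call and the copy loop are outside both hunks; if any of those states can return without consuming input, the former stack overflow becomes a non-terminating loop on the same kind of malformed stream. That contract should be written down where the loop and the function meet, e.g. above the loop: `// ProcessChunk() advances data/len past what it consumed and must consume at least one byte per call; otherwise this loop never ends.` A one-line doc comment on the ProcessChunk definition stating that `len` and `data` are in/out parameters would make the reference signature self-explanatory. ProcessChunk's body continues past the end of this hunk.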
@@ -434,6 +440,9 @@ void Contents_NetbiosSSN::DeliverStream(int len, const u_char* data, bool orig)
 for ( n = 0; buf_n < msg_size && n < len; ++n )
 msg_buf[buf_n++] = data[n];
+ data += n;
+ len -= n;
+
 if ( buf_n < msg_size )
 // Haven't filled up the message buffer yet, no more to do.
 return;
@@ -442,10 +451,6 @@ void Contents_NetbiosSSN::DeliverStream(int len, const u_char* data, bool orig)
 buf_n = 0;
 state = NETBIOS_SSN_TYPE;
-
- if ( n < len )
- // More data to munch on.
- DeliverStream(len - n, data + n, orig);
 }
 NetbiosSSN_Analyzer::NetbiosSSN_Analyzer(Connection* conn)
diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.h b/src/analyzer/protocol/netbios/NetbiosSSN.h
index e775abf839..27d1be4ba9 100644
--- a/src/analyzer/protocol/netbios/NetbiosSSN.h
+++ b/src/analyzer/protocol/netbios/NetbiosSSN.h
@@ -124,6 +124,7 @@ public:
 protected:
 void DeliverStream(int len, const u_char* data, bool orig) override;
+ void ProcessChunk(int& len, const u_char*& data, bool orig);
 NetbiosSSN_Interpreter* interp;
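Review bot: The comment `// Haven't filled up the message buffer yet, no more to do.` above the early return now sits in a function whose caller loops on `len`, and its safety rests on an invariant the comment does not state: when the buffer is still short the copy loop can only have stopped because `n` reached `len`, so the preceding `len -= n` leaves `len` at zero (assuming the header states above this hunk leave `len` positive) and the return hands control back to an exiting loop rather than a spinning one. Suggest making that explicit, e.g. `// Message still incomplete and this chunk is fully consumed (len is now 0); wait for more data.` so a later edit that reorders the decrement and the return is caught on review. The enclosing function begins before this hunk.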