diff --git a/CHANGES b/CHANGES
index c32c1cf616..d8616e5f4e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,11 @@
+3.3.0-dev.454 | 2020-10-16 10:34:53 -0700
+
+ * Change ICMP Neighbor Discovery option length storage to a uint16 (Vlad Grigorescu)
+
+ This fixes an overflow in the calculation of option lengths in
+ ICMP Neighbor Discovery messages.
+
 3.3.0-dev.451 | 2020-10-16 07:09:43 +0000
 * Make event ordering deterministic
diff --git a/VERSION b/VERSION
index 4f7facacb3..4ab43ac5ec 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.3.0-dev.451
+3.3.0-dev.454
diff --git a/src/analyzer/protocol/icmp/ICMP.cc b/src/analyzer/protocol/icmp/ICMP.cc
index 3f3928f6ab..3c8fbe1a35 100644
--- a/src/analyzer/protocol/icmp/ICMP.cc
+++ b/src/analyzer/protocol/icmp/ICMP.cc
@@ -764,7 +764,7 @@ VectorValPtr ICMP_Analyzer::BuildNDOptionsVal(int caplen, const u_char* data)
 }
 uint8_t type = *((const uint8_t*)data);
- uint8_t length = *((const uint8_t*)(data + 1));
+ uint16_t length = *((const uint8_t*)(data + 1));
 if ( length == 0 )
 {
diff --git a/testing/btest/Baseline/scripts.base.protocols.icmp.dnssl/.stdout b/testing/btest/Baseline/scripts.base.protocols.icmp.dnssl/.stdout
new file mode 100644
index 0000000000..ec1396d321
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.icmp.dnssl/.stdout
@@ -0,0 +1,2 @@
+dnssl len 32 payload 254
+dnssl len 33 payload 262
diff --git a/testing/btest/Traces/icmp_nd_dnssl.trace b/testing/btest/Traces/icmp_nd_dnssl.trace
new file mode 100644
index 0000000000..98cc0fe825
Binary files /dev/null and b/testing/btest/Traces/icmp_nd_dnssl.trace differ
diff --git a/testing/btest/scripts/base/protocols/icmp/dnssl.zeek b/testing/btest/scripts/base/protocols/icmp/dnssl.zeek
new file mode 100644
index 0000000000..33a77adf67
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/icmp/dnssl.zeek
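Review bot: The new declaration `uint16_t length = *((const uint8_t*)(data + 1));` in ICMP_Analyzer::BuildNDOptionsVal does not say why a one-byte wire field is held in a 16-bit variable, so a later cleanup could narrow it back to `uint8_t` and reintroduce the overflow described in CHANGES. I would add a comment above it such as `// Wire value is one byte, counted in units of 8 octets; kept as uint16_t so converting to a byte count cannot wrap.` The conversion to bytes and any comparison against `caplen` are outside this hunk, so it is worth confirming that the bounds check is made on the widened byte count before the option payload is read. The function body starts before and continues after the hunk.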
@@ -0,0 +1,14 @@
+# @TEST-EXEC: zeek -b -C -r $TRACES/icmp_nd_dnssl.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/conn
+
+event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool,
+ pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval,
+ retrans_timer: interval, options: icmp6_nd_options ){
+ for (i in options){
+ if(options[i]$otype==31){
+ print fmt("dnssl len %d payload %d",options[i]$len,|options[i]$payload|);
+ }
+ }
+}
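Review bot: The test script does not state which regression it guards, and the literal in `if(options[i]$otype==31){` is unexplained. A header comment would make the intent clear to the next maintainer, for example `# Regression test: ND option type 31 (DNSSL) with a length field >= 32, whose byte count does not fit in 8 bits.` Judging by the baseline, the trace exercises only length values 32 and 33; a packet carrying the maximum length value of 255 would pin the upper boundary of the widened variable as well.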