diff --git a/CHANGES b/CHANGES
index e10e19d812..be050b8dc7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+5.0.0-dev.572 | 2022-06-03 10:31:51 -0700
+
+ * Fix hang in DNS analyzer with malformed packet (Tim Wojtulewicz, Corelight)
+
+ (cherry picked from commit dfc9f77b68f6d02d059ade322b9c132e32c26872)
+
 5.0.0-dev.571 | 2022-06-03 09:50:45 -0700
 * Additional &is_used tags in the Netcontrol and Sumstats frameworks (Christian Kreibich, Corelight)
diff --git a/VERSION b/VERSION
index a6a128cb4d..f61e6ca32f 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-5.0.0-dev.571
+5.0.0-dev.572
diff --git a/src/analyzer/protocol/dns/DNS.cc b/src/analyzer/protocol/dns/DNS.cc
index 4d8d993610..788de2a181 100644
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@@ -236,6 +236,11 @@ bool DNS_Interpreter::ParseAnswer(detail::DNS_MsgInfo* msg, const u_char*& data,
 analyzer->Weird("DNS_truncated_RR_rdlength_lt_len");
 return false;
 }
+ else if ( rdlength == 0 && len > 0 )
+ {
+ analyzer->Weird("DNS_zero_rdlength");
+ return false;
+ }
 bool status;
 switch ( msg->atype )
@@ -690,8 +695,9 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
 analyzer->EnqueueConnEvent(dns_EDNS_addl, analyzer->ConnVal(), msg->BuildHdrVal(), msg->BuildEDNS_Val());
- // parse EDNS options
- while ( len > 0 )
+ // parse EDNS options. length has to be at least 4 to parse out the option
+ // code and length.
+ while ( len >= 4 )
 {
 uint16_t option_code = ExtractShort(data, len);
 int option_len = ExtractShort(data, len);
@@ -891,6 +897,12 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
 }
 }
+ if ( len > 0 )
+ {
+ analyzer->Weird("EDNS_truncated_option");
+ return false;
+ }
+
 return true;
 }
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.dns-edns-ecs/weird.log b/testing/btest/Baseline/scripts.base.protocols.dns.dns-edns-ecs/weird.log
index 11b2698348..db93535f27 100644
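Review bot: The new `rdlength == 0 && len > 0` branch in ParseAnswer (hunk at -236) rejects every resource record with empty RDATA that is followed by more data, yet zero-length RDATA is legal DNS: an OPT record carrying no options and RFC 2136 update records both have RDLENGTH 0. A well-formed message with such a record ahead of another RR would presumably log `DNS_zero_rdlength` and lose analysis of the remaining records, since the branch returns false. If the hang only affects particular record parsers, scope the check to those types, or add a comment above the branch such as `// rdlength 0 with data remaining: <RR parsers that cannot make progress>` explaining why a blanket reject is safe. The function body continues outside the hunk, so the per-type handling is not visible here.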
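Review bot: `while ( len >= 4 )` in ParseRR_EDNS (hunk at -690) only guarantees that the 4-byte option header can be read; nothing in the visible lines compares `option_len` with the bytes left before the option body is handled. The loop body continues outside the hunk, so this may already be covered further down. If it is not, a guard directly after the two ExtractShort calls, `if ( option_len > len ) { analyzer->Weird("EDNS_truncated_option"); return false; }`, would keep each option parser from acting on a length larger than the remaining buffer. The literal 4 would also read better as a named constant for the option header size.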
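Review bot: The trailing `if ( len > 0 )` check in ParseRR_EDNS (hunk at -891) fires for any leftover bytes, including those left behind when the loop stops early on an option it has already reported. The updated weird.log baseline shows this: connection CUM0KZ3MLUfNB0cl11 now logs `EDNS_truncated_option` right after `EDNS_ECS_invalid_option_len`, apparently for the same record. That double report can mislead an analyst into reading one malformed option as two separate anomalies. Consider raising the weird only when the loop ended because fewer than 4 bytes remained, for example by tracking whether an error was already reported, and add a comment such as `// bytes left over that cannot hold an option header`. The loop body lies outside this hunk, so its exit paths cannot be confirmed from here.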
--- a/testing/btest/Baseline/scripts.base.protocols.dns.dns-edns-ecs/weird.log +++ b/testing/btest/Baseline/scripts.base.protocols.dns.dns-edns-ecs/weird.log @@ -12,4 +12,5 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 74.125.73.76 55744 192.168.90.10 53 EDNS_EC XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 2a00:1450:4013:c03::10a 46433 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6_prefix 255 bits F zeek DNS XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 2a00:1450:4013:c06::105 63369 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6 need 66 bits, have 56 bits F zeek DNS XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2a00:1450:400c:c00::106 54430 2001:470:765b::a25:53 53 EDNS_ECS_invalid_option_len - F zeek DNS +XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2a00:1450:400c:c00::106 54430 2001:470:765b::a25:53 53 EDNS_truncated_option - F zeek DNS #close XXXX-XX-XX-XX-XX-XX