diff --git a/CHANGES b/CHANGES
index fe453bf000..81b6859f17 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,14 @@
+4.1.0-dev.224 | 2021-02-12 11:18:32 -0800
+
+ * GH-1398: Fix buffer overread in ascii formatter (Johanna Amann, Corelight)
+
+ When a text with an (escaped) zero byte was passed to ParseValue, only
+ the part of the string up to the zero byte was copied, but the length of
+ the full string was passed to the input framework.
+
+ This leads to the input manager reading over the end of the buffer.
+
 4.1.0-dev.220 | 2021-02-11 11:10:46 -0800
 * GH-1399: Remove RocksDB configure script options (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index e39f70b64f..4f5664ea12 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.1.0-dev.220
+4.1.0-dev.224
diff --git a/src/threading/formatters/Ascii.cc b/src/threading/formatters/Ascii.cc
index ff43bfa27b..3cff8b02cf 100644
--- a/src/threading/formatters/Ascii.cc
+++ b/src/threading/formatters/Ascii.cc
@@ -225,7 +225,9 @@ Value* Ascii::ParseValue(const string& s, const string& name, TypeTag type, Type
 {
 string unescaped = util::get_unescaped_string(s);
 val->val.string_val.length = unescaped.size();
- val->val.string_val.data = util::copy_string(unescaped.c_str());
+ val->val.string_val.data = new char[val->val.string_val.length];
+ // we do not need a zero-byte at the end - the input manager adds that explicitly
+ memcpy(val->val.string_val.data, unescaped.data(), unescaped.size());
 break;
 }
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.binary/out b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
index 5c7202123e..7ddee73649 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.input.binary/out
@@ -5,3 +5,7 @@ abc|\xffdef
 DATA2
 abc\xff|def
 DATA2
+abc\x00\x00\x00\xff|def
+DATA3
+abcd\x00\x00\x00ef
+DATA4
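Review bot: The buffer allocated with `new char[val->val.string_val.length]` in the Ascii.cc hunk is deliberately not NUL-terminated, so any consumer that reads `string_val.data` with a C-string routine instead of honoring `string_val.length` would reproduce the overread this commit fixes; the comment should state that contract at the allocation rather than only explaining why no terminator is added, e.g. `// data is NOT NUL-terminated: readers must bound by string_val.length (the input manager appends its own terminator)`. The change also replaces `util::copy_string` with a raw `new[]`, so whoever owns `string_val.data` must release it with `delete[]` — worth confirming that the existing free path matches, since it is not visible in this hunk. `memcpy` is now called here; confirm `<cstring>` is included in this file. Note that `new char[0]` for an empty string is well-defined and the zero-length `memcpy` is a no-op, so the empty-input case is fine. The body of `ParseValue` starts and ends outside the hunk.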
diff --git a/testing/btest/scripts/base/frameworks/input/binary.zeek b/testing/btest/scripts/base/frameworks/input/binary.zeek
index fa98625997..1ea89ea91b 100644
Binary files a/testing/btest/scripts/base/frameworks/input/binary.zeek and b/testing/btest/scripts/base/frameworks/input/binary.zeek differ