diff --git a/CHANGES b/CHANGES
index b59145a138..bf49f94c70 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.3-197 | 2014-09-29 10:42:01 -0500
+
+ * Fix possible seg fault in TCP reassembler. (Jon Siwek)
+
 2.3-196 | 2014-09-25 17:53:27 -0700
 * Changing prefix for packet sources/dumper from ':' to '%'.
diff --git a/VERSION b/VERSION
index 9301ded595..b5cf6187a5 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-196
+2.3-197
diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
index 921f3a3204..0f7699011e 100644
--- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc
+++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc
@@ -249,7 +249,9 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 Gap(gap_at_seq, gap_len);
 last_reassem_seq += gap_len;
 BlockInserted(b);
- b = b->next;
+ // Inserting a block may cause trimming of what's buffered,
+ // so have to assume 'b' is invalid, hence re-assign to start.
+ b = blocks;
 }
 if ( up_to_seq > last_reassem_seq )
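Review bot: Restarting from `blocks` after `BlockInserted(b)` is only safe if the loop's guard (outside this hunk) tolerates `blocks` being NULL once trimming empties the list, and if every pass makes progress; if `BlockInserted` can return without trimming, `b = blocks` may re-select the very block just delivered, and termination then depends on the loop's other branch skipping already-delivered data. The new comment explains the invalidation but not that invariant, so I would extend it: `// BlockInserted() may trim (and thus free) 'b' and everything before it, so 'blocks' is now the first undelivered block or NULL; the loop guard must handle NULL.` Since the reassembler runs on attacker-controlled TCP segments, the crash this fixes is a remotely triggerable DoS, so a regression test with a trace that exercises the trimming path during Undelivered() would be worth adding alongside the fix. The body of TCP_Reassembler::Undelivered begins and continues outside this hunk.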