diff --git a/docs/changes.txt b/docs/changes.txt
index 6d7c2b841..5d82ddb6c 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -17,6 +17,7 @@
 - Fixed false negative in hash-mode 15900 (DPAPI masterkey file v2) if password was longer than 64 characters
 - Fixed hashcat_ctx leak and refactor module and kernel existence checks
 - Fixed integer overflow in Recovered/Time status view column caused by division > 0 but < 1
+- Fixed out-of-boundary write in slow candidates mode in combinator attack
 
 ##
 ## Features
diff --git a/src/slow_candidates.c b/src/slow_candidates.c
index 45af658e8..a9675e13e 100644
--- a/src/slow_candidates.c
+++ b/src/slow_candidates.c
@@ -313,11 +313,16 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 break;
 }
- memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);
+ // this can overflow so we move it up
 extra_info_combi->out_len += line_len;
- memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
+ if (extra_info_combi->out_len <= sizeof (extra_info_combi->out_buf))
+ {
+ memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);
+
+ memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
+ }
 extra_info_combi->comb_pos_prev = extra_info_combi->comb_pos;
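Review bot: The memcpy on the new side now runs after `extra_info_combi->out_len += line_len;`, so it copies to `out_buf + out_len` with out_len already advanced by line_len — the word lands line_len bytes past its slot, and the memset right after it zeroes from that same offset and wipes the bytes just copied. The added guard `out_len <= sizeof (extra_info_combi->out_buf)` bounds only the new length, not the copy that starts at the advanced offset, so memcpy can still write up to line_len bytes beyond out_buf and the out-of-bounds write named in the changelog is not actually closed. Keep the copy before the increment and check that line_len fits in the space remaining, as below; the `// this can overflow so we move it up` comment then goes away. On the current patch, when the word does not fit, out_len is left larger than the buffer, which whatever later consumes out_buf/out_len presumably has to cope with — confirm against the caller. slow_candidates_next begins and continues outside the hunk.
```c
    // copy first, then advance; skip the word if it does not fit in out_buf
    if (extra_info_combi->out_len <= sizeof (extra_info_combi->out_buf)
     && line_len <= sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len)
    {
      memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);

      extra_info_combi->out_len += line_len;

      memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
    }
    // … unchanged: comb_pos_prev bookkeeping …
```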