diff --git a/binaries/aarch64/nfqws b/binaries/aarch64/nfqws
index 7d2a1dd1..97c696b3 100755
Binary files a/binaries/aarch64/nfqws and b/binaries/aarch64/nfqws differ
diff --git a/binaries/arm/nfqws b/binaries/arm/nfqws
index 2309d110..dbef3589 100755
Binary files a/binaries/arm/nfqws and b/binaries/arm/nfqws differ
diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws
index 8f56d012..f41049eb 100755
Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ
diff --git a/binaries/mips32r1-lsb/nfqws b/binaries/mips32r1-lsb/nfqws
index 42efa002..79061844 100755
Binary files a/binaries/mips32r1-lsb/nfqws and b/binaries/mips32r1-lsb/nfqws differ
diff --git a/binaries/mips32r1-msb/nfqws b/binaries/mips32r1-msb/nfqws
index 60093e42..90a93b11 100755
Binary files a/binaries/mips32r1-msb/nfqws and b/binaries/mips32r1-msb/nfqws differ
diff --git a/binaries/mips64r2-msb/nfqws b/binaries/mips64r2-msb/nfqws
index 6db647b6..13f9d62e 100755
Binary files a/binaries/mips64r2-msb/nfqws and b/binaries/mips64r2-msb/nfqws differ
diff --git a/binaries/ppc/nfqws b/binaries/ppc/nfqws
index 245ef3e6..b854c119 100755
Binary files a/binaries/ppc/nfqws and b/binaries/ppc/nfqws differ
diff --git a/binaries/x86/nfqws b/binaries/x86/nfqws
index 2a8908f3..863088a5 100755
Binary files a/binaries/x86/nfqws and b/binaries/x86/nfqws differ
diff --git a/binaries/x86_64/nfqws b/binaries/x86_64/nfqws
index a70049c1..15fc9963 100755
Binary files a/binaries/x86_64/nfqws and b/binaries/x86_64/nfqws differ
diff --git a/nfq/protocol.c b/nfq/protocol.c
index f826b7e2..d6d28a43 100644
--- a/nfq/protocol.c
+++ b/nfq/protocol.c
@@ -86,10 +86,12 @@ bool IsQUICCryptoHello(const uint8_t *data, size_t len, size_t *hello_offset, si
 size_t offset = 1;
 uint64_t coff, clen;
 if (len < 3 || *data != 6) return false;
+ if ((offset+tvb_get_size(data[offset])) >= len) return false;
 offset += tvb_get_varint(data + offset, &coff);
- if (offset >= len) return false;
+ // offset must be 0 if it's a full segment, not just a chunk
+ if (coff || (offset+tvb_get_size(data[offset])) >= len) return false;
 offset += tvb_get_varint(data + offset, &clen);
- if (offset >= len || data[offset] != 0x01 || (offset + coff + clen) > len) return false;
+ if (data[offset] != 0x01 || (offset + coff + clen) > len) return false;
 if (hello_offset) *hello_offset = offset + coff;
 if (hello_len) *hello_len = (size_t)clen;
 return true;
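Review bot: A CRYPTO frame whose declared length is zero still passes the new final check, because `data[offset] != 0x01` inspects a byte that a zero `clen` says is not part of the frame's payload, so the function returns true with `*hello_len = 0` while the 0x01 it matched belongs to whatever follows the frame in the buffer. Tightening the test to `if (!clen || data[offset] != 0x01 || (offset + coff + clen) > len) return false;` keeps the byte being examined inside the declared length; if the caller goes on to parse a TLS handshake header out of the returned hello, a higher minimum than 1 would be appropriate, but that caller is not visible here. The added comment above the `coff` test says `offset` where the variable it actually describes is `coff`; `// coff must be 0: a full ClientHello segment, not a later chunk` would name the right thing. Since a nonzero `coff` is now rejected, `*hello_offset = offset + coff` always adds zero, so either drop `+ coff` or note that it is kept for readability. IsQUICCryptoHello's signature and closing brace lie outside the hunk.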