diff --git a/ssl/quic/quic_lcidm.c b/ssl/quic/quic_lcidm.c
index a79eab8781..0766f4aaf6 100644
--- a/ssl/quic/quic_lcidm.c
+++ b/ssl/quic/quic_lcidm.c
@@ -149,6 +149,9 @@ static QUIC_LCID *lcidm_get_lcid(const QUIC_LCIDM *lcidm, const QUIC_CONN_ID *lc
 
     key.cid = *lcid;
 
+    if (key.cid.id_len > QUIC_MAX_CONN_ID_LEN)
+        return NULL;
+
     return lh_QUIC_LCID_retrieve(lcidm->lcids, &key);
 }
 
@@ -208,6 +211,9 @@ static QUIC_LCID *lcidm_conn_new_lcid(QUIC_LCIDM *lcidm, QUIC_LCIDM_CONN *conn,
 {
     QUIC_LCID *lcid_obj;
 
+    if (lcid->id_len > QUIC_MAX_CONN_ID_LEN)
+        return NULL;
+
     if ((lcid_obj = OPENSSL_zalloc(sizeof(*lcid_obj))) == NULL)
         return NULL;
 
diff --git a/test/quic_lcidm_test.c b/test/quic_lcidm_test.c
index 31f6bda433..b5937dfdbf 100644
--- a/test/quic_lcidm_test.c
+++ b/test/quic_lcidm_test.c
@@ -23,7 +23,7 @@ static int test_lcidm(void)
     int testresult = 0;
     QUIC_LCIDM *lcidm;
     size_t lcid_len = 10; /* != ODCID len */
-    QUIC_CONN_ID lcid_1, lcid_dummy, lcid_init;
+    QUIC_CONN_ID lcid_1, lcid_dummy, lcid_init = {0};
     OSSL_QUIC_FRAME_NEW_CONN_ID ncid_frame_1, ncid_frame_2, ncid_frame_3;
     void *opaque = NULL;
     uint64_t seq_num = UINT64_MAX;