ns_test.go | 12 ++++++++++++
 r.go       |  6 +++++-

diff --git a/ns_test.go b/ns_test.go
index e123548483381f757110e89b2cc6cfe58b2db958334a25b3d966d661e33c6311..7ae14b66de24114485d784dc0f1f6065f72b2f0911b44d8d168680193b9fca5e 100644
--- a/ns_test.go
+++ b/ns_test.go
@@ -131,6 +131,18 @@ 	}
 	if _, err := r.Read(data); err == nil {
 		t.FailNow()
 	}
+
+	b = bytes.NewBufferString(":foobar,")
+	r = NewReader(b)
+	if _, err := r.Next(); err == nil {
+		t.FailNow()
+	}
+
+	b = bytes.NewBufferString("06:foobar,")
+	r = NewReader(b)
+	if _, err := r.Next(); err == nil {
+		t.FailNow()
+	}
 }
 
 func TestExample(t *testing.T) {
diff --git a/r.go b/r.go
index 5201abe7e3363c95b6d76e71a00346ed4b0c0933ced908370538ae5c09e729f5..e3a0ea2899670612cf747fa938db5e441152ccc6983b7c34ed4bbd6c84c3482e 100644
--- a/r.go
+++ b/r.go
@@ -48,7 +48,11 @@ 	lenRaw, err := r.r.ReadSlice(':')
 	if err != nil {
 		return 0, fmt.Errorf("netstring header: %w", err)
 	}
-	size, err := strconv.ParseUint(string(lenRaw[:len(lenRaw)-1]), 10, 64)
+	lenRaw = lenRaw[:len(lenRaw)-1]
+	if len(lenRaw) > 1 && lenRaw[0] == '0' {
+		return 0, errors.New("netstring header: leading zero")
+	}
+	size, err := strconv.ParseUint(string(lenRaw), 10, 64)
 	if err != nil {
 		return 0, fmt.Errorf("netstring header: %w", err)
 	}