diff --git a/lib/ngtcp2_conn.c b/lib/ngtcp2_conn.c
index 65aaedde5f560c2c1173a2fa188801012fd33f2e..f2e20bb9648c4c3f8d58ad3836481934d57de66e 100644
--- a/lib/ngtcp2_conn.c
+++ b/lib/ngtcp2_conn.c
@@ -4702,7 +4702,11 @@ static int conn_recv_handshake_cpkt(ngtcp2_conn *conn, const ngtcp2_path *path,
       if (nread == NGTCP2_ERR_DISCARD_PKT) {
         goto fin;
       }
-      if (nread != NGTCP2_ERR_CRYPTO && (pkt[0] & NGTCP2_HEADER_FORM_BIT) &&
+      if (nread != NGTCP2_ERR_CRYPTO &&
+          (pkt[0] & NGTCP2_HEADER_FORM_BIT) &&
+          /* Not a Version Negotiation packet */
+          pktlen > 4 &&
+          ngtcp2_get_uint32(&pkt[1]) > 0 &&
           ngtcp2_pkt_get_type_long(pkt[0]) == NGTCP2_PKT_INITIAL) {
         goto fin;
       }