diff --git a/ssh/messages.go b/ssh/messages.go
index f9e44bb1eb1eec..eaf6106698e762 100644
--- a/ssh/messages.go
+++ b/ssh/messages.go
@@ -484,11 +484,12 @@ func parseString(in []byte) (out, rest []byte, ok bool) {
 		return
 	}
 	length := binary.BigEndian.Uint32(in)
-	if uint32(len(in)) < 4+length {
+	in = in[4:]
+	if uint32(len(in)) < length {
 		return
 	}
-	out = in[4 : 4+length]
-	rest = in[4+length:]
+	out = in[:length]
+	rest = in[length:]
 	ok = true
 	return
 }
diff --git a/ssh/messages_test.go b/ssh/messages_test.go
index 21d52daf264a85..955b5127f9bf4a 100644
--- a/ssh/messages_test.go
+++ b/ssh/messages_test.go
@@ -162,6 +162,16 @@ func TestBareMarshal(t *testing.T) {
 	}
 }
 
+func TestUnmarshalShortKexInitPacket(t *testing.T) {
+	// This used to panic.
+	// Issue 11348
+	packet := []byte{0x14, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0xff, 0xff, 0xff, 0xff}
+	kim := &kexInitMsg{}
+	if err := Unmarshal(packet, kim); err == nil {
+		t.Error("truncated packet unmarshaled without error")
+	}
+}
+
 func randomBytes(out []byte, rand *rand.Rand) {
 	for i := 0; i < len(out); i++ {
 		out[i] = byte(rand.Int31())